GreenCharlie Infrastructure Linked to US Political Campaign Targeting

Aug. 21, 2024, 11 a.m.

Description

An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group associated with Mint Sandstorm, Charming Kitten, and APT42. The group persistently targets US political and governmental entities through sophisticated phishing operations involving malware like GORBLE and POWERSTAR. Their infrastructure employs dynamic DNS providers and deceptive domain themes to facilitate phishing attacks. Recorded Future's Network Intelligence identified Iran-based IP addresses communicating with GreenCharlie's infrastructure, further suggesting Iranian involvement in these operations.

Date

Published: Aug. 21, 2024, 10:48 a.m.

Created: Aug. 21, 2024, 10:48 a.m.

Modified: Aug. 21, 2024, 11 a.m.

Indicators

Attack Patterns

GORBLE

POWERSTAR

GreenCharlie

T1591

T1568

T1588

T1608

T1199

T1598

T1489

T1486

T1203

T1204

T1566

T1090

Additional Information

Technology

Government

United States of America