RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats

Jan. 9, 2025, 5:22 p.m.

Description

Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta targeted Mongolia, Taiwan, and Southeast Asian countries with an adapted infection chain to distribute its customized PlugX backdoor. The group used themed lure documents and evolved its tactics, transitioning from Windows Shortcut files to Microsoft Management Console Snap-In Control files, and finally to HTML files hosted on Microsoft Azure. RedDelta consistently used Cloudflare CDN to proxy command-and-control traffic, blending with legitimate traffic. The group's activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in the targeted regions.

Date

Published: Jan. 9, 2025, 4:28 p.m.

Created: Jan. 9, 2025, 4:28 p.m.

Modified: Jan. 9, 2025, 5:22 p.m.

Indicators

Attack Patterns

PlugX

RedDelta

T1583.001

T1132.001

T1583.003

T1573.001

T1218.007

T1059.001

T1566.002

T1547.001

T1071.001

T1036.005

T1204.002

T1574.001

T1082

T1566.001

T1102

T1140

Additional Information

Defense

NGO

Government

Ethiopia

Mongolia

Myanmar

India

Taiwan

Japan

Malaysia

Cambodia