📃Title: Regin: nation-state ownage of GSM networks
📅Date: 2014-11-24
🔗References:
- https://securelist.com/regin-nation-state-ownage-of-gsm-networks/67741/
- https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- malpedia=“Regin”
- sector=“Bank”
- sector=“Education”
- sector=“Government, Administration”
- sector=“Research - Innovation”
- target-information=“Afghanistan”
- target-information=“Algeria”
- target-information=“Belgium”
- target-information=“Brazil”
- target-information=“Fiji”
- target-information=“Germany”
- target-information=“India”
- target-information=“Indonesia”
- target-information=“Iran”
- target-information=“Kiribati”
- target-information=“Malaysia”
- target-information=“Pakistan”
- target-information=“Russia”
- target-information=“Syria”
- producer=“Kaspersky”
- mitre-attack-pattern=[]
MISP event uuid: 2face905-11c0-4d37-b106-950a1235e579
Indicators of Compromise (IoCs)
type,value,comment
md5, 06665b96e293b23acc80451abb413e50, 'Stage 1 file'
md5, 187044596bc1328efa0ed636d8aa4a5c, 'Stage 1 file'
md5, 1c024e599ac055312a4ab75b3950040a, 'Stage 1 file'
md5, 2c8b9d2885543d7ade3cae98225e263b, 'Stage 1 file'
md5, 4b6b86c7fec1c574706cecedf44abded, 'Stage 1 file'
md5, 6662c390b2bbbd291ec7987388fc75d7, 'Stage 1 file'
md5, b269894f434657db2b15949641a67532, 'Stage 1 file'
md5, b29ca4f22ae7b7b25f79c1d4a421139d, 'Stage 1 file'
md5, b505d65721bb2453d5039a389113b566, 'Stage 1 file'
md5, 26297dc3cd0b688de3b846983c5385e5, 'Stage 1 file'
md5, ba7bb65634ce1e30c1e5415be3d1db1d, 'Stage 1 file'
md5, bfbe8c3ee78750c3a520480700e440f8, 'Stage 1 file'
md5, d240f06e98c8d3e647cbf4d442d79475, 'Stage 1 file'
md5, ffb0b9b5b610191051a7bdf0806e1e47, 'Stage 1 file'
md5, 01c2f321b6bfdb9473c079b0797567ba, 'Unusual stage 1 files apparently compiled from various public source codes merged with malicious code'
md5, 47d0e8f9d7a6429920329207a32ecc2e, 'Unusual stage 1 files apparently compiled from various public source codes merged with malicious code'
md5, 744c07e886497f7b68f6f7fe57b7ab54, 'Unusual stage 1 files apparently compiled from various public source codes merged with malicious code'
md5, db405ad775ac887a337b02ea8b07fddc, 'Unusual stage 1 files apparently compiled from various public source codes merged with malicious code'
md5, 8486ec3112e322f9f468bdea3005d7b5, 'Stage 3'
ip-dst, 61.67.114.73, 'C&C'
ip-dst, 202.71.144.113, 'C&C'
domain, team-m.co, 'C&C'
ip-dst, 203.199.89.80, 'C&C'
ip-dst, 194.183.237.145, 'C&C'
md5, bddf5afbea2d0eed77f2ad4e9a4f044d, 'Stage 1; no sample in VT (last check: 23/02/2025)'
md5, c053a0a3f1edcbbfc9b51bc640e808ce, 'Stage 1; no sample in VT (last check: 23/02/2025)'
md5, e63422e458afdfe111bd0b87c1e9772c, 'Stage 1; no sample in VT (last check: 23/02/2025)'
md5, 18d4898d82fcb290dfed2a9f70d66833, 'Stage 2; no sample in VT (last check: 23/02/2025)'
md5, b9e4f9d32ce59e7c4daf6b237c330e25, 'Stage 2; no sample in VT (last check: 23/02/2025)'
md5, d446b1ed24dad48311f287f3c65aeb80, 'Stage 2; no sample in VT (last check: 23/02/2025)'
md5, da03648948475b2d0e3e2345d7a9bbbb, 'Stage 3; no sample in VT (last check: 23/02/2025)'
md5, 1e4076caa08e41a5befc52efd74819ea, 'Stage 4; no sample in VT (last check: 23/02/2025)'
md5, 68297fde98e9c0c29cecc0ebf38bde95, 'Stage 4; no sample in VT (last check: 23/02/2025)'
md5, 6cf5dc32e1f6959e7354e85101ec219a, 'Stage 4; no sample in VT (last check: 23/02/2025)'
md5, 885dcd517faf9fac655b8da66315462d, 'Stage 4; no sample in VT (last check: 23/02/2025)'
md5, a1d727340158ec0af81a845abd3963c1, 'Stage 4; no sample in VT (last check: 23/02/2025)'
Full IOCs available in Rectifyq’s MISP
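The table above is a feed in a simple `type,value,comment` layout. As an added example (not Kaspersky's code and not part of the original page), the Python below parses that layout, normalises and validates each indicator per type, and matches constructed telemetry against the result. The IOC rows are copied from the table above plus one deliberately malformed row; the event schema (`md5`, `dst_ip`, `query`), the host names and the sample events are assumptions made for the example.

```python
import csv
import io
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt of the IOC table above, in the page's own
# "type,value,comment" layout. The last row is a deliberately malformed
# entry added here to show that validation reports it rather than drops it.
IOC_TABLE = """type,value,comment
md5, 06665b96e293b23acc80451abb413e50, 'Stage 1 file'
md5, 8486ec3112e322f9f468bdea3005d7b5, 'Stage 3'
ip-dst, 61.67.114.73, 'C&C'
ip-dst, 194.183.237.145, 'C&C'
domain, team-m.co, 'C&C'
md5, 1e4076caa08e41a5befc52efd74819ea, 'Stage 4; no sample in VT (last check: 23/02/2025)'
md5, notahash, 'constructed malformed row'
"""


@dataclass(frozen=True)
class Ioc:
    kind: str     # md5 | ip-dst | domain
    value: str    # normalised: lower-case hex, canonical IP text, no trailing dot
    comment: str


def normalise(kind, raw):
    """Canonical form of an indicator value, or None if it is malformed."""
    value = raw.strip().lower()
    if kind == "md5":
        return value if re.fullmatch(r"[0-9a-f]{32}", value) else None
    if kind == "ip-dst":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if kind == "domain":
        value = value.rstrip(".")
        return value if value and " " not in value else None
    return value


def parse_ioc_table(text):
    """Parse the 'type,value,comment' layout into (accepted Iocs, rejected rows).
    Malformed rows are returned, not dropped: a hash that silently vanished
    from the feed would just mean no alert."""
    accepted, rejected = [], []
    reader = csv.reader(io.StringIO(text), quotechar="'", skipinitialspace=True)
    if next(reader, None) != ["type", "value", "comment"]:
        raise ValueError("unexpected header")
    for row in reader:
        if not row:
            continue
        kind = row[0].strip().lower()
        value = normalise(kind, row[1]) if len(row) > 1 else None
        if value is None:
            rejected.append(row)
            continue
        accepted.append(Ioc(kind, value, row[2].strip() if len(row) > 2 else ""))
    return accepted, rejected


def build_index(iocs):
    """Per-type dict value -> Ioc for constant-time lookups."""
    index = {"md5": {}, "ip-dst": {}, "domain": {}}
    for ioc in iocs:
        index.setdefault(ioc.kind, {})[ioc.value] = ioc
    return index


def domain_hits(index, name):
    """Match a queried name and each parent domain: C2 is usually reached
    through a host under the listed domain rather than the bare apex."""
    name = normalise("domain", name)
    labels = name.split(".") if name else []
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    return [index["domain"][s] for s in suffixes if s in index["domain"]]


def match_event(index, event):
    """event uses a constructed schema: any of 'md5', 'dst_ip', 'query'."""
    hits = []
    for key, kind in (("md5", "md5"), ("dst_ip", "ip-dst")):
        if key in event:
            value = normalise(kind, event[key])
            if value in index[kind]:
                hits.append(index[kind][value])
    if "query" in event:
        hits.extend(domain_hits(index, event["query"]))
    return hits


# Constructed telemetry: an EDR hash export (upper-case hex), a firewall
# connection record, a DNS query with trailing dot, and two benign events.
SAMPLE_EVENTS = [
    {"host": "ws01", "md5": "06665B96E293B23ACC80451ABB413E50"},
    {"host": "ws01", "dst_ip": "61.67.114.73"},
    {"host": "gw01", "query": "update.team-m.co."},
    {"host": "ws02", "md5": "d41d8cd98f00b204e9800998ecf8427e"},  # empty-file MD5
    {"host": "ws02", "dst_ip": "203.0.113.5"},                     # TEST-NET-3
]


def run(text=IOC_TABLE, events=SAMPLE_EVENTS):
    """Return (hits, rejected); each hit is (host, type, value, comment)."""
    iocs, rejected = parse_ioc_table(text)
    index = build_index(iocs)
    hits = [(ev["host"], ioc.kind, ioc.value, ioc.comment)
            for ev in events for ioc in match_event(index, ev)]
    return hits, rejected
```

Two design points matter in practice. First, normalisation happens on both sides (feed and telemetry), because an upper-case hash from an EDR export or a trailing dot from a DNS log is enough to miss an exact-string match. Second, rejected feed rows are surfaced instead of discarded; a hash the feed lost to a typo never produces an alert, so the failure has to be visible. The "no sample in VT" entries above are still valid hashes for matching; the comment only records that the sample was not retrievable at the stated date.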