Intelligence on Malware, Tools, Threat Actors, and Campaigns in Motion
Introduction
Darkstream Dispatch is a monthly intelligence report dedicated to tracking and analyzing malware families, threat actors, and cyber campaigns primarily targeting Civil Society Organizations (CSOs), human rights defenders, and advocacy groups. As digital threats become more sophisticated, CSOs face increasing risks from state-sponsored actors, cybercriminals, and surveillance campaigns designed to compromise their operations, communications, and safety. This volume focuses on IPIDEA, a residential proxy toolkit.
Description
IPIDEA is a commercial software toolkit that functions as a residential proxy tool, integrating devices into a proxy network as exit nodes. This toolkit is frequently embedded within third-party applications under various names such as Packet SDK, Earn SDK, Castar SDK, and Hex SDK. Security researchers have identified IPIDEA as a significant component of the digital ecosystem, leveraged by a wide array of malicious actors.
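A device enrolled as a residential-proxy exit node relays other people's traffic, so from the network's point of view it suddenly contacts many destinations it never reached before. The following added example (not code from the report or from IPIDEA itself) shows one defensive heuristic built on that observation: compare each internal host's distinct destinations in an observation window against a baseline window and flag hosts with a large, mostly new destination set. The flow records, field names and thresholds are constructed assumptions for illustration, not values taken from the report.

```python
"""Flag internal hosts whose outbound pattern resembles a proxy exit node.

Added example, not from the Darkstream Dispatch report. All records and
thresholds below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    ts: int     # unix seconds (constructed)
    src: str    # internal source host
    dst: str    # destination host or IP


def dests_by_src(flows: Iterable[Flow], start: int, end: int) -> dict[str, set[str]]:
    """Distinct destinations per source host for flows with start <= ts < end."""
    out: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if start <= f.ts < end:
            out[f.src].add(f.dst)
    return out


def flag_exit_node_candidates(flows, baseline, observe, min_dests=40, min_new_ratio=0.75):
    """Return hosts whose observation-window destinations are numerous and mostly new.

    baseline / observe are (start, end) tuples in unix seconds. A host is flagged
    when it reaches at least min_dests distinct destinations in the observation
    window and at least min_new_ratio of them were never seen in the baseline.
    """
    base = dests_by_src(flows, *baseline)
    obs = dests_by_src(flows, *observe)
    flagged = {}
    for src, dests in obs.items():
        if len(dests) < min_dests:
            continue
        new = dests - base.get(src, set())
        ratio = len(new) / len(dests)
        if ratio >= min_new_ratio:
            flagged[src] = {"distinct_dests": len(dests), "new_ratio": round(ratio, 2)}
    return flagged


def build_sample_flows() -> list[Flow]:
    """Constructed sample data: baseline hour 0-3600, observation hour 3600-7200."""
    flows = []
    normal_dests = [f"app{i}.example" for i in range(6)]
    # Two hosts talk to the same six services every five minutes for two hours.
    for host in ("laptop-a", "phone-b"):
        for t in range(0, 7200, 300):
            flows.append(Flow(t, host, normal_dests[t // 300 % 6]))
    # In the observation hour phone-b starts relaying traffic to 60 unrelated hosts.
    for i in range(60):
        flows.append(Flow(3600 + i * 30, "phone-b", f"unrelated{i}.example"))
    return flows


if __name__ == "__main__":
    hits = flag_exit_node_candidates(build_sample_flows(), (0, 3600), (3600, 7200))
    for host, info in hits.items():
        print(f"{host}: {info['distinct_dests']} distinct destinations, "
              f"{info['new_ratio']:.0%} never seen in baseline")
```

The thresholds are deliberately conservative placeholders; in practice they should be tuned per network segment, and the destination sets fed from whatever flow, DNS or proxy logs are available. A hit is a starting point for triage (which application on the device opened those connections), not proof of an embedded proxy SDK.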
Overview
Malware Type:
Residential proxy toolkit, Tunneler
Operating System:
Android, iOS, Linux, macOS, Windows
Capabilities:
HTTP header capabilities
Confirmed Targeted Industries:
Civil Society & Non-Profits, Aerospace & Defense, Chemicals & Materials, Construction & Engineering, Education, Energy & Utilities, Financial Services, Government, Healthcare, Hospitality, Insurance, Legal & Professional Services, Manufacturing, Media & Entertainment, Pharmaceuticals, Retail, Technology, Telecommunications, and Transportation.
Confirmed Targeted Region(s):
Global
MITRE ATT&CK Techniques:
Encrypted Channel (T1573), Symmetric Cryptography (T1573.001)
Associated Malware:
N/A
Associated Vulnerabilities:
N/A
Associated Tools:
N/A
Find the full list of IOCs here:
To read more about IPIDEA, see the full Google analysis here.
If you suspect a security breach, reach out to us on our helpdesk (help@cchub.africa).