9,216 incidents
411 actors
127 countries
Updated: 20 Jun
7d: 1,141 posts
346 active groups
+319 new
Top: china (9.6%)
14 of 14 incidents
Infrastructure: C2 often based on compromised servers
north-korea Reference North Korea
What it is: "Infrastructure: C2 often based on compromised servers" refers to a tactic used by APT (Advanced Persistent Threat) actors to establish command-and-control (C2) infrastructure on …
Persistency: typically launching ransomware after operation to destroy evidences, Threat Recon.nshc.net alias=SectorA01
north-korea Reference North Korea Gov T1566
What it is: Threat Recon.nshc.net alias=SectorA01 is an APT actor from the North Korea regional group associated with ransomware operations. This group has been documented in multiple intelligence sources…
APT37
north-korea Reference North Korea
What it is: APT37 is a high-level actor (Advanced Persistent Threat) linked to the North Korea group, known for its cybersecurity and ransomware activity. This group has been identif…
(금성121), THALLIUM, G0067, Reaper, Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, Evil New Year 2018, Operation Earth Kitsune, KARAE
north-korea Reference North Korea
What it is: (금성121) is an APT actor associated with the North Korea regional group. This group is linked to multiple aliases, including THALLIUM, G0067, Reaper, Erebus, Golden Time, Evil New Year, Are y…
TEMP.Hermit
north-korea Reference North Korea
What it is: TEMP.Hermit is an APT (Advanced Persistent Threat) actor associated with the North Korea regional group. With aliases such as APT38, G0082, VOLGMER, PEACHPIT and others, this group has been identi…
OnionDog
north-korea Reference North Korea 🚚 Transportation
What it is: OnionDog is an APT (Advanced Persistent Threat) actor of the North Korea regional group, associated with cyberattack activity aimed mainly at the public and critical sector of Korea…
Stardust Chollima
north-korea Reference North Korea
What it is: Stardust Chollima is an APT (Advanced Persistent Threat) actor attributed to the North Korea regional group. With aliases such as APT38, ElectricFish, BlueNoroff and TA444, this actor has been identif…
(Proofpoint), COPERNICIUM
north-korea Reference North Korea
What it is: COPERNICIUM (also known as Proofpoint) is an APT actor associated with the North Korea regional group. This group has been identified in multiple sources as responsible for activit…
(Microsoft), TAG-71, G0082, Far Eastern International Bank, Dimens
north-korea Reference North Korea
What it is: Microsoft is associated with a regional APT actor linked to the North Korea group, known as Far Eastern International Bank and Dimens. This actor, identified with aliases such as MBR Killer, Electric…
APT43
north-korea Reference North Korea
What it is: APT43 is a cybersecurity actor associated with the North Korea regional group, recognized as an APT (Advanced Persistent Threat) actor with multiple aliases, including Archipelago, Honeybee, and dom…
WASSONITE
north-korea Reference North Korea
What it is: WASSONITE is an APT (Advanced Persistent Threat) actor associated with the North Korea regional group, with aliases such as FASTCash and DTrack. This group focuses mainly on Asian entities, c…
Third-party security firms associate DTrack and its related malware to the Lazarus Group. Dragos also associates the activity group COVELLITE to Lazarus Group. However
north-korea Reference North Korea
What it is: DTrack and its related malware are associated with the Lazarus Group, a cyberattack group pointing to North Korea. This group, identified as a regional APT actor, operates under the alias of …
North Korea
naming-taxonomies Reference North Korea
What it is: North Korea is a regional APT (Advanced Persistent Threat) actor associated with the Naming Taxonomies group, recognized for its cyber activity in the context of national security. The group us…
Stored Data Manipulation
Threat-actor North Korea
Technique description: Stored Data Manipulation is an attack pattern in the MITRE ATT&CK framework that describes how malicious actors alter stored data (at rest) to influence re…