APTTrail Summary
APTTrail maintains public indicators associated with apt-c-60. Observed aliases: apt-c-60, apt-q-12, spyglace. Count by type: domain: 4, ipv4: 5, url: 5.
Indicators of Compromise (IOCs)
| Type | Value | Context |
|---|---|---|
| Domain | juanjuan.cesy.top | APTTrail |
| Domain | milfbate.com | APTTrail |
| Domain | nimdsrt.com | APTTrail |
| Domain | rammenale.com | APTTrail |
| IP | 103.187.26.174:443 | APTTrail |
| IP | 103.187.26.175:443 | APTTrail |
| IP | 103.187.26.176:443 | APTTrail |
| IP | 103.187.26.177:443 | APTTrail |
| IP | 203.174.87.18:443 | APTTrail |
| URL | http://104.168.169.138 | APTTrail |
| URL | http://192.236.209.113 | APTTrail |
| URL | http://192.67.255.191 | APTTrail |
| URL | http://23.254.225.177 | APTTrail |
| URL | http://51.210.235.46 | APTTrail |
References
- https://app.validin.com/detail?find=WIN-9M19PDUO1OV&type=raw#tab=host_pairs_v2
- https://app.validin.com/detail?find=WIN-R92OFI6ANNT&type=raw#tab=host_pairs_v2
- https://app.validin.com/detail?find=WIN-S5H0DDH257T&type=raw#tab=host_pairs_v2
- https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/darkhotel-a-cluster-of-groups-united-by-common-techniques
- https://threatbook.io/blog/Military-Topics-in-Focus:-APT-C-60-Threat-Continues-to-be-Exposed
- https://www.virustotal.com/gui/file/4b74d5e09bca4898a782e938a8f9889b9ebadf8b0f14368bca90d9d0e68da472/detection
- https://www.virustotal.com/gui/file/861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3/detection
- https://www.virustotal.com/gui/file/b62c9168fcde444dbc3be1593e80747929dcf1a49cc6305b49456d68d0c49e71/detection
- https://www.virustotal.com/gui/file/d0c554c836f955997316acf30b5039b52e5c9a8b127a5f33107314a481663b5e/detection
- https://www.virustotal.com/gui/ip-address/162.222.215.164/relations
- https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/
- https://x.com/blackorbird/status/1843929280415490335