APTTrail: APT TODDYCAT indicators and references

Date: 18 Jun 2026
Actor: apt-toddycat
Type: Ioc
Country: United States
Sector: Government
Confidence: high (100)
Analytic priority: High

Based on actor, country, IOCs, TTPs, leak, and context quality.

IOCs: 30
TTPs: 0
Executive Summary
APTTrail maintains public indicators associated with APT TODDYCAT. Observed aliases: APT TODDYCAT. Count by type: domain: 29, ipv4: 1, url: 1.

Key Points

  • https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/
  • https://securelist.com/toddycat-keep-calm-and-check-logs/110696/
  • https://securelist.com/toddycat/106799/
  • https://www.virustotal.com/gui/file/877579185a72fbaf1afa78d3c50dbab187780d545d5375ba4c29147083176697/detection


Indicators of Compromise (IOCs)


Diamond Model

Adversary: apt-toddycat
Victim: United States
Capability: Ioc
Infrastructure:
ad.fopingu.com
admit.pkigoscorp.com
backend.rtmcsync.com
cdn.pkigoscorp.com
