APTTrail Summary
APTTrail maintains public indicators associated with Crimson Sandstorm. Observed aliases: Crimson Sandstorm, Imperial Kitten, TA456, Yellow Liderc. Count by type: domain: 185, url: 4.
Indicators of Compromise (IOCs)
References
- https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
- https://otx.alienvault.com/pulse/5d8201965473b98dbf01a84f
- https://otx.alienvault.com/pulse/5d8a3103b8713b840f1b13dd
- https://otx.alienvault.com/pulse/60f07dd74b222a6b9cc38975
- https://www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain