APTTrail: CVE-2023-36884 indicators and references

Date
18 Jun 2026
Actor
cve-2023-36884
Type
Ioc
Country
United Kingdom
Sector
-
Confidence
high
100
Analytical priority
High

Based on actor, country, IOCs, TTPs, leak and context quality.

30 IOCs
0 TTPs
Actor: cve-2023-36884
Country: United Kingdom
Executive Summary
APTTrail maintains public indicators associated with CVE-2023-36884. Observed aliases: CVE-2023-36884, dustyhammock, meltingclaw, romcom, rustyclaw, shadyhammock, singlecamper, snipbot, uat-5647. Count by type: domain: 76, file_path: 9, ipv4: 16, url: 3.

Key Points

  • https://app.validin.com/detail?find=185.225.74.94&type=ip4&ref_id=65ec9bcbe4c#tab=resolutions
  • https://blog.talosintelligence.com/uat-5647-romcom/
  • https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit
  • https://cert.gov.ua/article/2394117 (Ukrainian)
  • https://cert.gov.ua/article/5077168 (# UAC-0168)


Indicators of Compromise (IOCs)


References

Diamond Model

Adversary
cve-2023-36884
Victim
United Kingdom
Capability
Ioc
Infrastructure
1drv.fileshare.direct
1drv.us.com
4qzm.com
adbefnts.dev

