APTTrail Summary
APTTrail maintains public indicators associated with the darknights actor. Observed aliases: darknights, dknife, spellbinder, wizardnet. Count by type: domain: 4, ipv4: 13, url: 10. The IPv4 entries are listed together with the observed port, so the same address can appear more than once; several values in the URL list differ from the IPv4 list by a single digit (for example 110.92.64.117 versus 110.92.64.177), so match each entry exactly as listed and confirm it against the references below before blocking.
Indicators of Compromise (IOCs)
| Type | Value | Context |
|---|---|---|
| Domain | assetsqq.com | APTTrail |
| Domain | mkdmcdn.com | APTTrail |
| Domain | ssl-dns.com | APTTrail |
| Domain | vv.ssl-dns.com | APTTrail |
| IP | 110.185.104.180:8000 | APTTrail |
| IP | 110.92.64.177:8000 | APTTrail |
| IP | 117.175.185.81:8003 | APTTrail |
| IP | 43.132.205.118:81 | APTTrail |
| IP | 43.155.62.54:81 | APTTrail |
| IP | 47.238.107.83:81 | APTTrail |
| IP | 47.93.54.134:8001 | APTTrail |
| IP | 47.93.54.134:8003 | APTTrail |
| IP | 47.93.54.134:8005 | APTTrail |
| IP | 49.89.41.187:8001 | APTTrail |
| IP | 49.89.41.187:8002 | APTTrail |
| IP | 49.89.41.187:8003 | APTTrail |
| IP | 89.195.5.18:4553 | APTTrail |
| URL | http://110.92.64.117 | APTTrail |
| URL | http://110.92.64.17 | APTTrail |
| URL | http://117.175.185.81 | APTTrail |
| URL | http://210.56.49.72 | APTTrail |
| URL | http://43.132.105.118 | APTTrail |
| URL | http://43.155.62.54 | APTTrail |
| URL | http://47.93.54.134 | APTTrail |
| URL | http://49.89.41.187 | APTTrail |
| URL | http://60.205.148.180 | APTTrail |
| URL | http://61.139.76.99 | APTTrail |
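The table above is only useful once it is matched against traffic. The following Python is an added example, not APTTrail's own tooling or anything from the Talos or ESET reports: it loads the three indicator types from the table, normalises them (domains match exactly or as a parent of a subdomain, IPv4 entries match on the exact ip:port with the bare IP kept as a weaker signal, URL entries match on the host part since the listed URLs are bare hosts) and runs them over a constructed key=value log format. The log format, field names (dst, query, host, sni, url) and sample lines are assumptions made for the demonstration.

```python
"""Match the darknights (TheWizards) IOCs listed above against log lines.

Added example, not APTTrail tooling. The indicator values are copied from the
table; the key=value log format and the sample lines are constructed for the demo.
"""
import re
from urllib.parse import urlsplit

IOC_DOMAINS = ["assetsqq.com", "mkdmcdn.com", "ssl-dns.com", "vv.ssl-dns.com"]
IOC_IP_PORTS = [
    "110.185.104.180:8000", "110.92.64.177:8000", "117.175.185.81:8003",
    "43.132.205.118:81", "43.155.62.54:81", "47.238.107.83:81",
    "47.93.54.134:8001", "47.93.54.134:8003", "47.93.54.134:8005",
    "49.89.41.187:8001", "49.89.41.187:8002", "49.89.41.187:8003",
    "89.195.5.18:4553",
]
IOC_URLS = [
    "http://110.92.64.117", "http://110.92.64.17", "http://117.175.185.81",
    "http://210.56.49.72", "http://43.132.105.118", "http://43.155.62.54",
    "http://47.93.54.134", "http://49.89.41.187", "http://60.205.148.180",
    "http://61.139.76.99",
]

KV_RE = re.compile(r"(\w+)=(\S+)")  # constructed log format: space-separated key=value pairs


def build_index(domains=IOC_DOMAINS, ip_ports=IOC_IP_PORTS, urls=IOC_URLS):
    """Normalise the three IOC types into one lookup structure."""
    idx = {
        "domain": {d.lower().rstrip(".") for d in domains},
        "ip_port": set(ip_ports),                               # exact socket, high confidence
        "ip": {ipp.rpartition(":")[0] for ipp in ip_ports},     # bare address, weaker signal
        "url_host": set(),
    }
    for u in urls:
        host = urlsplit(u).hostname  # the listed URLs are bare hosts, so the host is the indicator
        if host:
            idx["url_host"].add(host)
    return idx


def domain_matches(name, domains):
    """Return the IOC domain equal to `name` or a parent of it, else None.

    Label-based suffix matching: vv.ssl-dns.com hits ssl-dns.com, but
    notssl-dns.com and ssl-dns.com.evil.example do not. A bare TLD never matches.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_line(line, idx):
    """Return a list of (ioc_type, ioc_value, matched_field) hits for one log line."""
    fields = dict(KV_RE.findall(line))
    hits = []
    # DNS query name, HTTP Host header, TLS SNI: exact or subdomain match
    for key in ("query", "host", "sni"):
        if key in fields:
            hit = domain_matches(fields[key], idx["domain"])
            if hit:
                hits.append(("domain", hit, key))
    # Destination socket: exact ip:port first, then same address on another port
    if "dst" in fields:
        dst = fields["dst"]
        if dst in idx["ip_port"]:
            hits.append(("ip_port", dst, "dst"))
        elif dst.rpartition(":")[0] in idx["ip"]:
            hits.append(("ip_other_port", dst.rpartition(":")[0], "dst"))
    # Requested URL: compare the host part against URL-host and domain IOCs
    if "url" in fields:
        host = urlsplit(fields["url"]).hostname or ""
        if host in idx["url_host"]:
            hits.append(("url_host", host, "url"))
        hit = domain_matches(host, idx["domain"])
        if hit:
            hits.append(("domain", hit, "url"))
    return hits


def scan(lines, idx):
    """Run match_line over an iterable of log lines; return only the lines with hits."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line, idx)
        if hits:
            results.append({"line": n, "text": line, "hits": hits})
    return results


# Constructed sample lines; only the indicator values come from the table above.
SAMPLE_LOG = """\
2026-02-10T09:14:02Z src=10.20.0.15 dst=47.93.54.134:8003 url=http://47.93.54.134/update
2026-02-10T09:14:05Z src=10.20.0.15 query=vv.ssl-dns.com type=A
2026-02-10T09:15:11Z src=10.20.0.22 dst=43.132.205.118:443 sni=cdn.example.net
2026-02-10T09:16:40Z src=10.20.0.31 dst=93.184.216.34:443 sni=example.com
2026-02-10T09:17:03Z src=10.20.0.22 query=notssl-dns.com type=A
"""

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG.splitlines(), build_index()):
        print(r["line"], r["hits"])
```

Two design points worth noting. The IPv4 indicators carry ports, so an exact ip:port hit is reported separately from a hit on the same address over a different port; the latter is still worth alerting on but should be weighted lower. Near-duplicate values are deliberately not merged: a connection to 110.92.64.117:8000 produces no hit, because that address is listed only as a URL host while the IPv4 entry is 110.92.64.177, and the matcher follows the table as written rather than guessing which one is a typo.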
References
- https://blog.talosintelligence.com/knife-cutting-the-edge/
- https://github.com/Cisco-Talos/IOCs/blob/main/2026/02/knife-cutting-the-edge.txt
- https://github.com/eset/malware-ioc/tree/master/thewizards
- https://www.virustotal.com/gui/file/17a2dd45f9f57161b4cc40924296c4deab65beea447efb46d3178a9e76815d06/detection
- https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
- https://x.com/skocherhan/status/2021067035447525705