APTTrail: DNSep indicators and references

Date: 18 Jun 2026
Actor: dnsep
Type: IOC
Country: Japan
Sector: -
Confidence: high (100)
Analytic priority: High

Based on actor, country, IOCs, TTPs, leak, and context quality.

30 IOCs
0 TTPs
Actor: dnsep
Country: Japan
Executive Summary
APTTrail maintains public indicators associated with DNSep. Observed aliases: DNSep, ironhusky, nccTrojan, phantomnet, piratepanda, portdoor, smanager. Count by type: domain: 86, ipv4: 13, url: 6.

Key Points

  • https://app.any.run/tasks/8937295d-ea36-4398-96bd-20e7f3b193cb/
  • https://app.any.run/tasks/a4701084-98e4-49d2-9938-c7ca5239e2a0/
  • https://blog.group-ib.com/task (# Albaniiutas/BlueTraveller/RemShell/Tmanger/Mail-O/Webdav-O)
  • https://github.com/DoctorWebLtd/malware-iocs/blob/master/APT_DNSep/README.adoc
  • https://ics-cert.kaspersky.com/publications/reports/2022/08/08/targeted-attack-on-industrial-enterprises-and-public-institutions/

Indicators of Compromise (IOCs)


References

Diamond Model

Adversary
dnsep
Victim
APTTrail: DNSep indicators and references
Japan
Capability
Ioc
Infrastructure
aircraft.tsagagaar.com
aiwqi.aurobindos.com
atlas.golianbooks.com
atob.kommesantor.com
