APTTrail: earthkapre indicators and references

Date
18 Jun 2026
Actor
earthkapre
Type
Ioc
Country
United Kingdom
Sector
-
Confidence
high
100
Analytic priority
High

Based on actor, country, IOCs, TTPs, leak and context quality.

30 IOCs
0 TTPs
Actor: earthkapre
Country: United Kingdom
Executive Summary
APTTrail maintains public indicators associated with earthkapre. Observed aliases: earthkapre, goldblade, redcurl, redloader, redwolf. Count by type: domain: 58, ipv4: 2.

Key Points

  • https://bi-zone.medium.com/hunting-the-hunter-bi-zone-traces-the-footsteps-of-red-wolf-3677783e164d
  • https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-07-v10412/926
  • https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-08-v10413/928
  • https://github.com/eSentire/iocs/blob/main/EarthKapre/EarthKapre-RedCurl-IoCs-02-05-2025.txt
  • https://twitter.com/k3yp0d/status/1708495262673465713


Indicators of Compromise (IOCs)


Diamond Model

Adversary
earthkapre
Victim
APTTrail: earthkapre indicators and references
United Kingdom
Capability
Ioc
Infrastructure
alphastoned.pro
amscloudhost.com
app-ins-001.amscloudhost.com
app-ins-002.amscloudhost.com

