APTTrail: entryshell indicators and references

Date: 18 Jun 2026
Actor: entryshell
Type: Ioc
Country: Unknown
Sector: -
Confidence: high (100)
Analytical priority: High

Based on actor, country, IOCs, TTPs, leak and context quality.

30 IOCs
0 TTPs
Actor: entryshell
Country: Unknown
Executive Summary
APTTrail maintains public indicators associated with entryshell. Observed aliases: entryshell, sparrowdoor, xiangoop. Count by type: domain: 14, ipv4: 15.

Key Points

  • https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
  • https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
  • https://www.virustotal.com/gui/file/b696fe2f31279af1e006d89beb0ff0c1915df4f8a6d3a201ccda54505688840c/detection
  • https://www.virustotal.com/gui/file/f81a2e8a2a272e0bdae4e267fa220d6d40e23214087f33bdcdab6c7ad10b60b8/detection
  • https://www.virustotal.com/gui/ip-address/193.239.86.168/relations

Diamond Model

Adversary: entryshell
Victim: APTTrail: entryshell indicators and references
Capability: Ioc
Infrastructure: aftercould.com, amelicen.com, datacentreonline.com, dateupdata.com

Indicators of Compromise (IOCs)

