jordiserrano.meClickFixKAIROSIntelTracker
Panel de inteligencia » APTTrail: FlowCloud indicators and references

APTTrail: FlowCloud indicators and references

Ioc 1 min lectura flowcloud
Fecha
18 Jun 2026
Actor
flowcloud
Tipo
Ioc
Pais
Unknown
Sector
-
Confianza
high
100
Prioridad analitica
Alta

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

30IOCs
0TTPs
flowcloudActor
UnknownPais
Executive Summary
APTTrail mantiene indicadores publicos asociados a FlowCloud. Aliases observados: FlowCloud, LookBack, LookingFrog, Witchetty. Conteo por tipo: domain: 16, ipv4: 3, url: 4.

Key Points

  • https://github.com/eset/malware-ioc/tree/master/ta410
  • https://otx.alienvault.com/pulse/5edf9678c760e3c7ca6fdf77
  • https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage
  • https://threatpost.com/espionage-group-utilities-spy-tool/156425/
  • https://twitter.com/AnonySecAgency/status/1316292983508013056

Resumen APTTrail

APTTrail mantiene indicadores publicos asociados a FlowCloud. Aliases observados: FlowCloud, LookBack, LookingFrog, Witchetty. Conteo por tipo: domain: 16, ipv4: 3, url: 4.

Indicadores de Compromiso (IOCs)

TipoValorContexto
Domaina.bigbluedc.comAPTTrail
Domainasce.emailAPTTrail
Domainbigbluedc.comAPTTrail
Domaincahe.microsofts.comAPTTrail
Domaindaveengineer.comAPTTrail
Domaindlaxpcmghd.comAPTTrail
Domainenergysemi.comAPTTrail
Domaineset-sync.comAPTTrail
Domainffca.caibi379.comAPTTrail
Domainnsfwgo.comAPTTrail
Domainpowersafetraining.netAPTTrail
Domainpowersafetrainings.orgAPTTrail
Domains.eset-sync.comAPTTrail
Domainsmtp.nsfwgo.comAPTTrail
Domaintranslateupdate.comAPTTrail
Domainupdate.translateupdate.comAPTTrail
IP103.139.2.93:1702APTTrail
IP188.131.233.27:55555APTTrail
IP188.131.233.27:55556APTTrail
URLhttp://161.82.181.4APTTrail
URLhttp://43.254.216.104APTTrail
URLhttp://43.254.219.153APTTrail
URLhttp://45.124.115.103APTTrail

Referencias

Diamond Model

Adversary
flowcloud
Ver perfil →
Victim
APTTrail: FlowCloud indicators and references
Capability
Ioc
Infrastructure
a.bigbluedc.com
asce.email
bigbluedc.com
cahe.microsofts.com

Relations

Mapa de nodos relacionados por IOCs compartidos, actor, enlaces IntelTracker/OSINT, campanas y victimas observadas. Haz click en un nodo para abrir el post, filtro o fuente.

16 enlaces
Domain
github.com
IOC compartido
Domain
otx.alienvault.com
IOC compartido
Domain
twitter.com
IOC compartido
Domain
www.virustotal.com
IOC compartido
Domain
symantec-enterprise-blogs.security.com
IOC compartido
Domain
www.proofpoint.com
IOC compartido
IntelTracker / OSINT link
github.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
otx.alienvault.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
symantec-enterprise-blogs.security.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
threatpost.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
twitter.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
www.proofpoint.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
www.virustotal.com
flowcloud
enlace asociado al actor
IntelTracker / OSINT link
www.virustotal.com
flowcloud
enlace asociado al actor
Nodo actual
APTTrail: FlowCloud indicators and references
flowcloud
Victima
APTTrail: apt-c-12 indicators and references
github.com otx.alienvault.com
IOC compartido
Victima
APTTrail: Bronze Highland indicators and references
otx.alienvault.com symantec-enterprise-blogs.security.com
IOC compartido
Victima
APTTrail: APT TA416 indicators and references
otx.alienvault.com twitter.com
IOC compartido
Victima
APTTrail: eraleig ransomware indicators and references
github.com twitter.com
IOC compartido
Victima
APTTrail: backconfig indicators and references
otx.alienvault.com twitter.com
IOC compartido
Victima
APTTrail: APT HIGAISA indicators and references
github.com otx.alienvault.com
IOC compartido
Victima
APTTrail: Karakurt Lair indicators and references
otx.alienvault.com twitter.com
IOC compartido
Victima
APTTrail: APT LAZYSCRIPTER indicators and references
otx.alienvault.com twitter.com
IOC compartido

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
Domain a.bigbluedc.com APTTrail VT OffSec SOCRadar
Domain asce.email APTTrail VT OffSec SOCRadar
Domain bigbluedc.com APTTrail VT OffSec SOCRadar
Domain cahe.microsofts.com APTTrail VT OffSec SOCRadar
Domain daveengineer.com APTTrail VT OffSec SOCRadar
Domain dlaxpcmghd.com APTTrail VT OffSec SOCRadar
Domain energysemi.com APTTrail VT OffSec SOCRadar
Domain eset-sync.com APTTrail VT OffSec SOCRadar
Domain ffca.caibi379.com APTTrail VT OffSec SOCRadar
Domain nsfwgo.com APTTrail VT OffSec SOCRadar
Domain powersafetraining.net APTTrail VT OffSec SOCRadar
Domain powersafetrainings.org APTTrail VT OffSec SOCRadar
Domain s.eset-sync.com APTTrail VT OffSec SOCRadar
Domain smtp.nsfwgo.com APTTrail VT OffSec SOCRadar
Domain translateupdate.com APTTrail VT OffSec SOCRadar
Domain update.translateupdate.com APTTrail VT OffSec SOCRadar
IP 103.139.2.93:1702 APTTrail VT OffSec SOCRadar
IP 188.131.233.27:55555 APTTrail VT OffSec SOCRadar
IP 188.131.233.27:55556 APTTrail VT OffSec SOCRadar
URL http://161.82.181.4 APTTrail VT OffSec SOCRadar
URL http://43.254.216.104 APTTrail VT OffSec SOCRadar
URL http://43.254.219.153 APTTrail VT OffSec SOCRadar
URL http://45.124.115.103 APTTrail VT OffSec SOCRadar
Domain github.com Extraido del contenido VT OffSec SOCRadar
Domain otx.alienvault.com Extraido del contenido VT OffSec SOCRadar
Domain symantec-enterprise-blogs.security.com Extraido del contenido VT OffSec SOCRadar
Domain threatpost.com Extraido del contenido VT OffSec SOCRadar
Domain twitter.com Extraido del contenido VT OffSec SOCRadar
Domain www.proofpoint.com Extraido del contenido VT OffSec SOCRadar
Domain www.virustotal.com Extraido del contenido VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor flowcloud en el blog → Ver flowcloud en IntelTracker → URL IntelTracker: github.com→ URL IntelTracker: otx.alienvault.com→ URL IntelTracker: symantec-enterprise-blogs.security.com→ URL IntelTracker: threatpost.com→ URL IntelTracker: twitter.com→ URL IntelTracker: www.proofpoint.com → Fuente OSINT: github.com→ Fuente OSINT: raw.githubusercontent.com→ Fuente OSINT: github.com→ Fuente OSINT: otx.alienvault.com→ Fuente OSINT: symantec-enterprise-blogs.security.com→ Fuente OSINT: threatpost.com → Buscar flowcloud en APTTrail → Repositorio APTTrail → Buscar en Google News → Analizar en VirusTotal → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes

Suǭrez&Clavera18 Jun 2026 · gunra MHE9 Logstica Ltda18 Jun 2026 · gunra Misericrdia de Santo Tirso18 Jun 2026 · qilin Direǜo Estacionamentos S.A.18 Jun 2026 · deadlock Br Cargolift Polska Sp. z o.o.18 Jun 2026 · deadlock www.someco.com18 Jun 2026 · lynx www.eastersealsia.org18 Jun 2026 · lynx Vera Chimie Management18 Jun 2026 · the-gentlemen