APTTrail: HeaderTip indicators and references

Date: 18 Jun 2026
Actor: headertip
Type: Ioc
Country: United Kingdom
Sector: Media
Confidence: high (score 100)
Analytical priority: High

Priority is based on actor, country, IOCs, TTPs, leak and context quality.

30 IOCs · 0 TTPs · Actor: headertip · Country: United Kingdom
Executive Summary
APTTrail maintains public indicators associated with HeaderTip. Observed aliases: HeaderTip, cosmicbeetle, scarab, spacecolon. Count by type in the full feed: domain: 55, ipv4: 1, url: 3. This page lists 30 of the domain indicators.

Key Points

  • http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Scarab_IOCs_January_2015.txt
  • https://cert.gov.ua/article/38097 (Ukrainian)
  • https://github.com/eset/malware-ioc/tree/master/cosmicbeetle
  • https://otx.alienvault.com/pulse/64e62628ed1119d03d3db75a
  • https://threatfox.abuse.ch/browse/malware/win.scarab_ransom/ (# 2024-01-01)

Indicators of Compromise (IOCs)

All 30 indicators on this page are domains. Many are hostnames under dynamic-DNS providers (dynamic-dns.net, ddns.info, ddns.mobi and others) and one is a CloudFront distribution hostname, so match on the full hostname rather than the parent zone.

Type    Value                           Context
Domain  Markshell.etowns.net            APTTrail
Domain  akamaicdnup.com                 APTTrail
Domain  apple.dynamic-dns.net           APTTrail
Domain  autocar.ServeUser.com           APTTrail
Domain  autocar.suroot.com              APTTrail
Domain  b.688.org                       APTTrail
Domain  blackblog.chatnook.com          APTTrail
Domain  bulldog.toh.info                APTTrail
Domain  cdnupdate.net                   APTTrail
Domain  cew58e.xxxy.info                APTTrail
Domain  coastnews.darktech.org          APTTrail
Domain  d.piii.net                      APTTrail
Domain  d1lhk2kflvant7.cloudfront.net   APTTrail
Domain  demon.4irc.com                  APTTrail
Domain  dynamic.ddns.mobi               APTTrail
Domain  ebook.port25.biz                APTTrail
Domain  expert.4irc.com                 APTTrail
Domain  football.mrbasic.com            APTTrail
Domain  gjjb.flnet.org                  APTTrail
Domain  imirnov.ddns.info               APTTrail
Domain  jingnan88.chatnook.com          APTTrail
Domain  lehnjb.epac.to                  APTTrail
Domain  lockbitblog.info                APTTrail
Domain  logoff.25u.com                  APTTrail
Domain  logoff.ddns.info                APTTrail
Domain  ls910329.my03.com               APTTrail
Domain  mailru.25u.com                  APTTrail
Domain  mert.my03.com                   APTTrail
Domain  mydear.ddns.info                APTTrail
Domain  nazgul.zyns.com                 APTTrail
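An added example of how to use this list in detection, written for this page and not part of APTTrail's own tooling: it loads the 30 domains above, normalizes DNS query names (case, trailing dot) and matches them against the list. Exact hostname matches are reported as strong hits; queries that only share a parent zone with an indicator (another host under ddns.info or cloudfront.net, for instance) are reported as weak, because most of these indicators sit on shared dynamic-DNS or CDN zones that are not malicious in themselves. The log format (source IP, query name, query type) and the log lines are constructed for the example.

```python
"""Match DNS query logs against the HeaderTip domain IOCs listed on this page.

Exact-FQDN matches are reported as "strong" hits. Queries that only share a
parent zone with an IOC (e.g. another host under ddns.info or cloudfront.net)
are reported as "weak", because most of these IOCs are hostnames on shared
dynamic-DNS or CDN zones where the parent zone itself is not malicious.
"""
import re
from collections import namedtuple

# The 30 domain indicators listed on this page, copied as published
# (case preserved here; matching below is case-insensitive).
HEADERTIP_DOMAINS = [
    "Markshell.etowns.net", "akamaicdnup.com", "apple.dynamic-dns.net",
    "autocar.ServeUser.com", "autocar.suroot.com", "b.688.org",
    "blackblog.chatnook.com", "bulldog.toh.info", "cdnupdate.net",
    "cew58e.xxxy.info", "coastnews.darktech.org", "d.piii.net",
    "d1lhk2kflvant7.cloudfront.net", "demon.4irc.com", "dynamic.ddns.mobi",
    "ebook.port25.biz", "expert.4irc.com", "football.mrbasic.com",
    "gjjb.flnet.org", "imirnov.ddns.info", "jingnan88.chatnook.com",
    "lehnjb.epac.to", "lockbitblog.info", "logoff.25u.com",
    "logoff.ddns.info", "ls910329.my03.com", "mailru.25u.com",
    "mert.my03.com", "mydear.ddns.info", "nazgul.zyns.com",
]

Hit = namedtuple("Hit", "src query ioc strength")


def normalize(name):
    """Lower-case a DNS name and strip the trailing dot many resolvers log."""
    return name.strip().lower().rstrip(".")


def build_index(domains):
    """Return (exact hostnames, parent zones) for the IOC list.

    A parent zone is only derived from IOCs with three or more labels, so a
    bare registrable domain such as akamaicdnup.com never turns the whole
    .com TLD into a weak-match zone.
    """
    exact = {normalize(d) for d in domains}
    parents = {d.split(".", 1)[1] for d in exact if d.count(".") >= 2}
    return exact, parents


# Constructed sample lines (not real logs) in a simple "src query qtype" form.
SAMPLE_LOG = """\
10.0.0.12 MARKSHELL.ETOWNS.NET. A
10.0.0.12 update.microsoft.com A
10.0.0.45 mert.my03.com A
10.0.0.45 d3abcdefg12345.cloudfront.net A
10.0.0.77 someone-else.ddns.info A
10.0.0.77 autocar.serveuser.com TXT
"""

LINE_RE = re.compile(r"^(?P<src>\S+)\s+(?P<query>\S+)\s+(?P<qtype>\S+)$")


def scan(log_text, domains=HEADERTIP_DOMAINS):
    """Return a Hit for every log line whose query matches an IOC exactly
    (strength "strong") or only shares its parent zone (strength "weak")."""
    exact, parents = build_index(domains)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        q = normalize(m.group("query"))
        if q in exact:
            hits.append(Hit(m.group("src"), q, q, "strong"))
            continue
        parent = q.split(".", 1)[1] if "." in q else q
        if parent in parents:
            hits.append(Hit(m.group("src"), q, parent, "weak"))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.strength:6} {h.src} queried {h.query} (ioc: {h.ioc})")
```

Weak hits are worth keeping as context for an investigation of the same host but should not block or alert on their own; a blocklist built from this page should contain the exact hostnames only.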

Diamond Model

Adversary: headertip
Victim: United Kingdom (sector: Media)
Capability: Ioc
Infrastructure: Markshell.etowns.net, akamaicdnup.com, apple.dynamic-dns.net, autocar.ServeUser.com (the first four of the listed domains)

References and links

  • Source URLs tracked in IntelTracker: www.symantec.com, cert.gov.ua, github.com, otx.alienvault.com, threatfox.abuse.ch, twitter.com
  • OSINT sources: github.com, raw.githubusercontent.com, www.symantec.com, cert.gov.ua, otx.alienvault.com