jordiserrano.meClickFixKAIROSIntelTracker
Panel de inteligencia » APTTrail: APT 18 indicators and references

APTTrail: APT 18 indicators and references

Ioc 1 min lectura apt-18
Fecha
18 Jun 2026
Actor
apt-18
Tipo
Ioc
Pais
Unknown
Sector
-
Confianza
high
100
Prioridad analitica
Alta

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

22IOCs
0TTPs
apt-18Actor
UnknownPais
Executive Summary
APTTrail mantiene indicadores publicos asociados a APT 18. Aliases observados: APT 18. Conteo por tipo: domain: 14, ipv4: 1, url: 2.

Key Points

  • https://github.com/fireeye/iocs/blob/master/APT18/0ae061d7-c624-4a84-8adf-00281b97797b.ioc
  • https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html (# APT18's campaign)
  • https://www.virustotal.com/gui/ip-address/137.175.4.132/relations
  • https://www.virustotal.com/gui/ip-address/223.25.233.248/relations

Resumen APTTrail

APTTrail mantiene indicadores publicos asociados a APT 18. Aliases observados: APT 18. Conteo por tipo: domain: 14, ipv4: 1, url: 2.

Indicadores de Compromiso (IOCs)

TipoValorContexto
Domain128.er1620.comAPTTrail
Domain223-25-233-248.revdns.8toinfinity.com.sgAPTTrail
Domainadmin.er1620.comAPTTrail
Domainexp0day.comAPTTrail
Domainftp.exp0day.comAPTTrail
Domaingmail.bkz88.comAPTTrail
Domaingood.myftp.orgAPTTrail
Domainhello.mjw.bzAPTTrail
Domaininfo.imly.orgAPTTrail
Domainlogin.3bz.orgAPTTrail
Domainlogo.mjw.bzAPTTrail
Domainsuck.er1620.comAPTTrail
Domaintest.3bz.orgAPTTrail
Domainzip.redirectme.netAPTTrail
IP223.25.233.248:8080APTTrail
URLhttp://137.175.4.132APTTrail
URLhttp://223.25.233.248APTTrail

Referencias

Diamond Model

Adversary
apt-18
Ver perfil →
Victim
APTTrail: APT 18 indicators and references
Capability
Ioc
Infrastructure
128.er1620.com
223-25-233-248.revdns.8toinfinity.com.sg
admin.er1620.com
exp0day.com

Relations

Mapa de nodos relacionados por IOCs compartidos, actor, enlaces IntelTracker/OSINT, campanas y victimas observadas. Haz click en un nodo para abrir el post, filtro o fuente.

14 enlaces
Domain
github.com
IOC compartido
Domain
www.fireeye.com
IOC compartido
Domain
www.virustotal.com
IOC compartido
IntelTracker / OSINT link
github.com
apt-18
enlace asociado al actor
IntelTracker / OSINT link
www.fireeye.com
apt-18
enlace asociado al actor
IntelTracker / OSINT link
www.virustotal.com
apt-18
enlace asociado al actor
IntelTracker / OSINT link
www.virustotal.com
apt-18
enlace asociado al actor
IntelTracker / OSINT link
github.com
apt-18
enlace asociado al actor
IntelTracker / OSINT link
raw.githubusercontent.com
apt-18
enlace asociado al actor
Nodo actual
APTTrail: APT 18 indicators and references
apt-18
Victima
APTTrail: apt-c-12 indicators and references
github.com www.fireeye.com
IOC compartido
Victima
APTTrail: APT REAPER indicators and references
github.com www.fireeye.com
IOC compartido
Victima
APTTrail: eraleig ransomware indicators and references
github.com www.virustotal.com
IOC compartido
Victima
APTTrail: vampirebot indicators and references
github.com www.virustotal.com
IOC compartido
Victima
APTTrail: dinodas indicators and references
github.com www.virustotal.com
IOC compartido
Victima
APTTrail: APT GROUNDBAIT indicators and references
github.com www.virustotal.com
IOC compartido
Victima
APTTrail: APT HIGAISA indicators and references
github.com www.virustotal.com
IOC compartido
Victima
APTTrail: apt-5 indicators and references
github.com www.virustotal.com
IOC compartido

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
Domain 128.er1620.com APTTrail VT OffSec SOCRadar
Domain 223-25-233-248.revdns.8toinfinity.com.sg APTTrail VT OffSec SOCRadar
Domain admin.er1620.com APTTrail VT OffSec SOCRadar
Domain exp0day.com APTTrail VT OffSec SOCRadar
Domain ftp.exp0day.com APTTrail VT OffSec SOCRadar
Domain gmail.bkz88.com APTTrail VT OffSec SOCRadar
Domain good.myftp.org APTTrail VT OffSec SOCRadar
Domain hello.mjw.bz APTTrail VT OffSec SOCRadar
Domain info.imly.org APTTrail VT OffSec SOCRadar
Domain login.3bz.org APTTrail VT OffSec SOCRadar
Domain logo.mjw.bz APTTrail VT OffSec SOCRadar
Domain suck.er1620.com APTTrail VT OffSec SOCRadar
Domain test.3bz.org APTTrail VT OffSec SOCRadar
Domain zip.redirectme.net APTTrail VT OffSec SOCRadar
IP 223.25.233.248:8080 APTTrail VT OffSec SOCRadar
URL http://137.175.4.132 APTTrail VT OffSec SOCRadar
URL http://223.25.233.248 APTTrail VT OffSec SOCRadar
IP 137.175.4.132 Extraido del contenido VT OffSec SOCRadar
IP 223.25.233.248 Extraido del contenido VT OffSec SOCRadar
Domain github.com Extraido del contenido VT OffSec SOCRadar
Domain www.fireeye.com Extraido del contenido VT OffSec SOCRadar
Domain www.virustotal.com Extraido del contenido VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor apt-18 en el blog → Ver apt-18 en IntelTracker → URL IntelTracker: github.com→ URL IntelTracker: www.fireeye.com→ URL IntelTracker: www.virustotal.com→ URL IntelTracker: www.virustotal.com → Fuente OSINT: github.com→ Fuente OSINT: raw.githubusercontent.com→ Fuente OSINT: github.com→ Fuente OSINT: www.fireeye.com→ Fuente OSINT: www.virustotal.com→ Fuente OSINT: www.virustotal.com → Buscar apt-18 en APTTrail → Repositorio APTTrail → Buscar en Google News → Analizar en VirusTotal → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes

Suǭrez&Clavera18 Jun 2026 · gunra MHE9 Logstica Ltda18 Jun 2026 · gunra Misericrdia de Santo Tirso18 Jun 2026 · qilin Direǜo Estacionamentos S.A.18 Jun 2026 · deadlock Br Cargolift Polska Sp. z o.o.18 Jun 2026 · deadlock www.someco.com18 Jun 2026 · lynx www.eastersealsia.org18 Jun 2026 · lynx Vera Chimie Management18 Jun 2026 · the-gentlemen