APTTrail Summary
APTTrail maintains public indicators associated with APT FINFISHER. Observed aliases: APT FINFISHER. Count by type: domain: 11, ipv4: 10, url: 2.