APTTrail Summary
APTTrail maintains public indicators associated with APT RANCOR. Observed aliases: APT RANCOR. Count by type: domain: 18, ipv4: 1, url: 2.
Indicators of Compromise (IOCs)
References
- https://meltx0r.github.io/tech/2019/09/11/rancor-apt.html
- https://otx.alienvault.com/pulse/5d94cb1196acaec6cb740e33
- https://otx.alienvault.com/pulse/5dfa52f208b44bd6293eb130
- https://research.checkpoint.com/rancor-the-year-of-the-phish/
- https://twitter.com/MeltX0R/status/1172046597942915072
- https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/
- https://unit42.paloaltonetworks.com/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/
- https://www.virustotal.com/gui/ip-address/139.162.14.25/relations