APTTrail Summary
APTTrail maintains public indicators associated with backconfig. Observed aliases: backconfig, monsoon, neon, viceroy tiger. Count by type: domain: 3, ipv4: 2, url: 3. Note that the IP entries carry a port and that the URL entries use bare IP hosts, one of which (212.114.52.20) also appears as an IP entry, so matching should be done on the normalized host rather than the raw string.
Indicators of Compromise (IOCs)
| Type | Value | Context |
|---|---|---|
| Domain | linkrequest.live | APTTrail |
| Domain | matissues.com | APTTrail |
| Domain | unique.fontsupdate.com | APTTrail |
| IP | 212.114.52.20:445 | APTTrail |
| IP | 45.153.241.33:8080 | APTTrail |
| URL | http://185.203.119.184 | APTTrail |
| URL | http://212.114.52.148 | APTTrail |
| URL | http://212.114.52.20 | APTTrail |
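The table above is only useful once it is normalized and run against telemetry. The following is an added example, not APTTrail code, that loads the IOCs from the table, strips the ports from the IP entries (keeping the ip:port pair for a higher-confidence match), pulls the host out of the URL entries, and scans a few constructed log lines in a simple made-up `ts kind src rest` format (the log format, the source addresses and the timestamps are assumptions for illustration). It matches subdomains of an IOC domain but deliberately does not match a parent domain of one, since `fontsupdate.com` is not itself on the list.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# IOCs copied from the APTTrail table above (type, value).
APTTRAIL_IOCS = [
    ("Domain", "linkrequest.live"),
    ("Domain", "matissues.com"),
    ("Domain", "unique.fontsupdate.com"),
    ("IP", "212.114.52.20:445"),
    ("IP", "45.153.241.33:8080"),
    ("URL", "http://185.203.119.184"),
    ("URL", "http://212.114.52.148"),
    ("URL", "http://212.114.52.20"),
]

# Constructed sample log lines (assumed format: "<ts> <dns|conn|http> <src> <rest>").
LOG_LINES = [
    "2020-05-12T10:01:02Z dns 10.0.0.5 query=unique.fontsupdate.com",
    "2020-05-12T10:01:03Z conn 10.0.0.5 -> 212.114.52.20:445",
    "2020-05-12T10:02:10Z http 10.0.0.7 GET http://212.114.52.148/update.bin",
    "2020-05-12T10:03:00Z dns 10.0.0.9 query=fontsupdate.com",  # parent of an IOC, not an IOC
    "2020-05-12T10:04:00Z conn 10.0.0.9 -> 212.114.52.20:80",  # IOC address, unlisted port
]


def normalize_iocs(iocs):
    """Return (domains, ips, ip_ports) sets built from the raw table values.

    IP entries are split into bare address and (address, port) so a hit on the
    address alone is still reported, at lower confidence. URL entries contribute
    their hostname, which for this table is always an IP address.
    """
    domains, ips, ip_ports = set(), set(), set()
    for kind, value in iocs:
        if kind == "Domain":
            domains.add(value.lower().rstrip("."))
        elif kind == "IP":
            host, _, port = value.partition(":")
            ipaddress.ip_address(host)  # raises ValueError on a malformed entry
            ips.add(host)
            if port:
                ip_ports.add((host, int(port)))
        elif kind == "URL":
            host = (urlsplit(value).hostname or "").lower()
            try:
                ipaddress.ip_address(host)
                ips.add(host)
            except ValueError:
                domains.add(host.rstrip("."))
    return domains, ips, ip_ports


def domain_hit(name, domains):
    """Return the matching IOC domain if name equals it or is a subdomain of it."""
    name = name.lower().rstrip(".")
    for d in domains:
        if name == d or name.endswith("." + d):
            return d
    return None


LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>dns|conn|http) (?P<src>\S+) (?P<rest>.*)$")


def scan(lines, iocs):
    """Return a list of (timestamp, match_type, indicator) for every line that hits an IOC."""
    domains, ips, ip_ports = normalize_iocs(iocs)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown record shape, skip rather than guess
        ts, kind, rest = m["ts"], m["kind"], m["rest"]
        if kind == "dns":
            d = domain_hit(rest.partition("=")[2], domains)
            if d:
                hits.append((ts, "domain", d))
        elif kind == "conn":
            dst = rest.split("->")[1].strip()
            ip, _, port = dst.rpartition(":")
            if (ip, int(port)) in ip_ports:
                hits.append((ts, "ip:port", dst))
            elif ip in ips:
                hits.append((ts, "ip", ip))
        elif kind == "http":
            host = (urlsplit(rest.split()[-1]).hostname or "").lower()
            if host in ips:
                hits.append((ts, "ip", host))
            else:
                d = domain_hit(host, domains)
                if d:
                    hits.append((ts, "domain", d))
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_LINES, APTTRAIL_IOCS):
        print(hit)
```

Running it over the constructed lines yields four hits: the domain lookup, the ip:port connection, the HTTP request to 212.114.52.148, and a lower-confidence address-only hit on 212.114.52.20:80; the lookup of the parent domain `fontsupdate.com` is correctly ignored.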
References
- https://otx.alienvault.com/pulse/5ebac662ee27db27e3174795
- https://twitter.com/K_N1kolenko/status/1187339471647313921
- https://twitter.com/blackorbird/status/1260217348792844289
- https://twitter.com/ccxsaber/status/1187573497851068417
- https://twitter.com/h2jazi/status/1317139550221762562
- https://twitter.com/souiten/status/1538794719009837056
- https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/
- https://www.virustotal.com/gui/file/3f72a3784bb1156554eafe678af89d51edbc5df821af9a426cd29135d5e8fdc0/detection
- https://www.virustotal.com/gui/file/9e141fe67521b75412419a8c88c199c8ebd2a135c7a8b58edced454fbc33cb77/detection
- https://www.virustotal.com/gui/file/be85325fb5c7b18bf0f5f27df6a51d39bc5ce5885b9ddc7c4872131d3a05bd3e/detection
- https://www.virustotal.com/gui/file/d87b875b8641c538f90fe68cad4e9bdc89237dba137e934f80996e8731059861/detection