APTTrail: BlackGuard indicators and references

Date: 18 Jun 2026
Actor: blackguard
Type: Ioc
Country: Russia
Sector: -
Confidence: high (100)
Analytical priority: High

Based on actor, country, IOCs, TTPs, leak and context quality.

IOCs: 27
TTPs: 0
Actor: blackguard
Country: Russia

Executive Summary
APTTrail maintains public indicators associated with BlackGuard. Observed aliases: BlackGuard, cherryspy, hatvibe. Count by type: domain: 10, file_path: 1, ipv4: 1, url: 7.

Key Points

  • https://app.validin.com/detail?find=dd9aef0ce3d64a9dd4009357637617fc&type=hash&ref_id=1065472a0a3#tab=host_pairs
  • https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/
  • https://cert.gov.ua/article/4697016 (Ukrainian)
  • https://cert.gov.ua/article/6280129
  • https://search.censys.io/hosts/38.180.206.61


Indicators of Compromise (IOCs)



Diamond Model

Adversary
blackguard
Victim
APTTrail: BlackGuard indicators and references
Russia
Capability
Ioc
Infrastructure
background-services.net
diagnostic-resolver.com
download-resourses.info
energieecoinnov.info
