jordiserrano.meClickFixKAIROSIntelTracker
Panel de inteligencia » APTTrail: chrysalis indicators and references

APTTrail: chrysalis indicators and references

Ioc 2 min lectura chrysalis
Fecha
18 Jun 2026
Actor
chrysalis
Tipo
Ioc
Pais
Unknown
Sector
-
Confianza
high
100
Prioridad analitica
Alta

Basado en actor, pais, IOCs, TTPs, filtracion y calidad de contexto.

30IOCs
0TTPs
chrysalisActor
UnknownPais
Executive Summary
APTTrail mantiene indicadores publicos asociados a chrysalis. Aliases observados: chrysalis, hacked notepad++, warbird. Conteo por tipo: domain: 51, ipv4: 5, url: 3.

Key Points

  • https://notepad-plus-plus.org/news/hijacked-incident-info-update/
  • https://securelist.com/notepad-supply-chain-attack/118708/
  • https://www.accenture.com/t20180131T100734Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Elise-Threat-Analysis.pdf
  • https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/operation-lotus-blossom/unit42-operation-lotus-blossom.pdf
  • https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

Resumen APTTrail

APTTrail mantiene indicadores publicos asociados a chrysalis. Aliases observados: chrysalis, hacked notepad++, warbird. Conteo por tipo: domain: 51, ipv4: 5, url: 3.

Indicadores de Compromiso (IOCs)

TipoValorContexto
Domain38qmk6.0to9.infoAPTTrail
Domain3qyo4o7.7r7i3.infoAPTTrail
Domain7g91xhp.envuy3.netAPTTrail
Domainaliancesky.comAPTTrail
Domainapi.cloudtrafficservice.comAPTTrail
Domainapi.skycloudcenter.comAPTTrail
Domainapi.wiresguard.comAPTTrail
Domainasean-star.comAPTTrail
Domainaseaneco.orgAPTTrail
Domainaseansec.dynalias.orgAPTTrail
Domainbabysoal.comAPTTrail
Domainbeckhammer.xicp.netAPTTrail
Domainboshman09.comAPTTrail
Domaincdncheck.it.comAPTTrail
Domainchris201.netAPTTrail
Domaincloudtrafficservice.comAPTTrail
Domaincpcl2006.dyndns-free.comAPTTrail
Domaincybertunnel.dyndns.infoAPTTrail
Domaindtdf5vu.nt7yq.infoAPTTrail
Domainharryleed.dyndns.orgAPTTrail
Domainiascas.netAPTTrail
Domainimonju.comAPTTrail
Domainimonju.netAPTTrail
Domaininterhero.netAPTTrail
Domainj.4tc3ldw.g9ml.www0.orgAPTTrail
Domainjackyson.dyndns.infoAPTTrail
Domainkid.dyndns.orgAPTTrail
Domainkjd.dyndns.orgAPTTrail
Domainl.hovux.eln9wj7.7gpj.orgAPTTrail
Domainnewinfo32.eicp.netAPTTrail

Referencias

Diamond Model

Adversary
chrysalis
Ver perfil →
Victim
APTTrail: chrysalis indicators and references
Capability
Ioc
Infrastructure
38qmk6.0to9.info
3qyo4o7.7r7i3.info
7g91xhp.envuy3.net
aliancesky.com

Indicadores de Compromiso (IOCs)

TipoValorContextoOSINT
Domain 38qmk6.0to9.info APTTrail VT OffSec SOCRadar
Domain 3qyo4o7.7r7i3.info APTTrail VT OffSec SOCRadar
Domain 7g91xhp.envuy3.net APTTrail VT OffSec SOCRadar
Domain aliancesky.com APTTrail VT OffSec SOCRadar
Domain api.cloudtrafficservice.com APTTrail VT OffSec SOCRadar
Domain api.skycloudcenter.com APTTrail VT OffSec SOCRadar
Domain api.wiresguard.com APTTrail VT OffSec SOCRadar
Domain asean-star.com APTTrail VT OffSec SOCRadar
Domain aseaneco.org APTTrail VT OffSec SOCRadar
Domain aseansec.dynalias.org APTTrail VT OffSec SOCRadar
Domain babysoal.com APTTrail VT OffSec SOCRadar
Domain beckhammer.xicp.net APTTrail VT OffSec SOCRadar
Domain boshman09.com APTTrail VT OffSec SOCRadar
Domain cdncheck.it.com APTTrail VT OffSec SOCRadar
Domain chris201.net APTTrail VT OffSec SOCRadar
Domain cloudtrafficservice.com APTTrail VT OffSec SOCRadar
Domain cpcl2006.dyndns-free.com APTTrail VT OffSec SOCRadar
Domain cybertunnel.dyndns.info APTTrail VT OffSec SOCRadar
Domain dtdf5vu.nt7yq.info APTTrail VT OffSec SOCRadar
Domain harryleed.dyndns.org APTTrail VT OffSec SOCRadar
Domain iascas.net APTTrail VT OffSec SOCRadar
Domain imonju.com APTTrail VT OffSec SOCRadar
Domain imonju.net APTTrail VT OffSec SOCRadar
Domain interhero.net APTTrail VT OffSec SOCRadar
Domain j.4tc3ldw.g9ml.www0.org APTTrail VT OffSec SOCRadar
Domain jackyson.dyndns.info APTTrail VT OffSec SOCRadar
Domain kid.dyndns.org APTTrail VT OffSec SOCRadar
Domain kjd.dyndns.org APTTrail VT OffSec SOCRadar
Domain l.hovux.eln9wj7.7gpj.org APTTrail VT OffSec SOCRadar
Domain newinfo32.eicp.net APTTrail VT OffSec SOCRadar

Referencias y enlaces

→ Perfil del actor chrysalis en el blog → Ver chrysalis en IntelTracker → URL IntelTracker: notepad-plus-plus.org→ URL IntelTracker: securelist.com→ URL IntelTracker: www.accenture.com→ URL IntelTracker: www.paloaltonetworks.com→ URL IntelTracker: www.rapid7.com→ URL IntelTracker: www.validin.com → Fuente OSINT: github.com→ Fuente OSINT: raw.githubusercontent.com→ Fuente OSINT: notepad-plus-plus.org→ Fuente OSINT: securelist.com→ Fuente OSINT: www.accenture.com→ Fuente OSINT: www.paloaltonetworks.com → Buscar chrysalis en APTTrail → Repositorio APTTrail → Buscar en Google News → Analizar en VirusTotal → Feed RSS del blog
← Volver al panel de inteligencia

Incidentes recientes

Suǭrez&Clavera18 Jun 2026 · gunra MHE9 Logstica Ltda18 Jun 2026 · gunra Misericrdia de Santo Tirso18 Jun 2026 · qilin Direǜo Estacionamentos S.A.18 Jun 2026 · deadlock Br Cargolift Polska Sp. z o.o.18 Jun 2026 · deadlock www.someco.com18 Jun 2026 · lynx www.eastersealsia.org18 Jun 2026 · lynx Vera Chimie Management18 Jun 2026 · the-gentlemen