Live
jordiserrano.meClickFixKAIROSIntelTracker 🌐 Traducir PanelActoresCampanasCompararEstadisticasBreachesRSSAPI
10,491Incidentes
653Actores
169Paises
25 JunActualizado
ArsenalExploitsTTP MatrixKillChainMapaActoresSSLBLRansomLookRansomwhereAlertasCyberNews
2026-05-27: 5 2026-05-28: 22 2026-05-29: 118 2026-05-30: 16 2026-05-31: 7 2026-06-01: 39 2026-06-02: 20 2026-06-03: 34 2026-06-04: 38 2026-06-05: 200 2026-06-06: 27 2026-06-07: 4 2026-06-08: 76 2026-06-09: 67 2026-06-10: 196 2026-06-11: 99 2026-06-12: 85 2026-06-13: 16 2026-06-14: 27 2026-06-15: 129 2026-06-16: 50 2026-06-17: 36 2026-06-18: 494 2026-06-19: 190 2026-06-20: 518 2026-06-21: 30 2026-06-22: 54 2026-06-23: 38 2026-06-24: 49 2026-06-25: 363
7d: 1,736 posts
641 grupos activos
+592 nuevos
Top: china (6.3%)
china ▲ 109 100% other-actors ▲ 74 100% bushidouk ▲ 55 100% malware---tools ▲ 54 100% unknown---unmapped-actors ▲ 44 100%

Actores mas activos

qilin707thegentlemen461akira324dragonforce264lockbit5260

Paises con mas actividad

United States1792United Kingdom258Germany253China212Canada171

IOCs con relaciones

hash301ip22ip-135-125-160.eu9hash3hash3
15 de 22 incidentesExportar CSV
Scarlet Mimic
china Reference China
Que es Scarlet Mimic es un actor APT (Advanced Persistent Threat) asociado a China, conocido por su actividad de espionaje y ciberataques dirigidos a activistas de minorías. Con alias como G0029, Fake…
China2 minVer analisis →
SPIVY
china Reference China
Que es SPIVY es un actor APT (Advanced Persistent Threat) vinculado al grupo regional de China, con alias como "Hong Kong dissidents". Este nombre se utilizó en un informe publicado en 2016 por resear…
China2 minVer analisis →
DragonOK
china Reference China
Que es DragonOK es un actor APT (Advanced Persistent Threat) asociado al grupo regional de China. Conocido también como Dragon Castling, G0017, CVE-2015-1641, Sysget, IsSpace, Rambo Backdoor, y otros …
China2 minVer analisis →
Iron Group
china Reference China
Que es Iron Group es un actor APT (Advanced Persistent Threat) del grupo regional China, con alias reconocidos como Rocke, Bayer Cyber Attack, XBash, y actividades relacionadas con Cryptomining y Cryp…
China2 minVer analisis →
Persistency: tipically launching ransomware after operation to destroy evidences,Threat Recon.nshc.net alias=SectorA01,http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf,http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/,https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf,https://www.alienvault.com/open-threat-exchange/blog/operation-blockbuster-unveils-the-actors-behind-the-sony-attacks,https://www.us-cert.gov/ncas/alerts/TA17-164A,http://www.fsec.or.kr/common/proc/fsec/bbs/21/fileDownLoad/1235.do,https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/,https://www.crowdstrike.com/blog/unprecedented-announcement-fbi-implicates-north-korea-destructive-attacks/,https://www.us-cert.gov/ncas/alerts/TA17-318A,https://www.us-cert.gov/ncas/alerts/TA17-318B,https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf,https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/,https://www.darkreading.com/vulnerabilities---threats/lazarus-group-fancy-bear-most-active-threat-groups-in-2017/d/d-id/1330954?print=yes,https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, https://securelist.com/operation-applejeus/87553/,https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/,https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing,https://threatrecon.nshc.net/2019/01/23/sectora01-custom-proxy-utility-tool-analysis/,https://objective-see.com/blog/blog_0x49.html,https://www.sentinelone.com/blog/lazarus-apt-targets-mac-users-poisoned-word-document/,https://blog.alyac.co.kr/2827,https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/,https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/,https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/,https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/,https://www.clearskysec.com/operation-dream-job/,https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html,https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74,https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/,https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/,https://www.hvs-consulting.de/lazarus-report/,https://blog.chainalysis.com/reports/lazarus-group-kucoin-exchange-hack,https://securelist.com/lazarus-threatneedle/100803/,https://www.clearskysec.com/wp-content/uploads/2021/05/CryptoCore-Lazarus-Clearsky.pdf,https://blog.alyac.co.kr/3814,https://www.cisa.gov/uscert/ncas/alerts/aa22-108a,https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/,https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/,https://securelist.com/dtrack-targeting-europe-latin-america/107798/,https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/,https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/,https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf,https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/,https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/,https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
north-korea Reference North Korea Gov T1566
Que es Threat Recon.nshc.net alias=SectorA01 es un actor APT del grupo regional de North Korea asociado a operaciones de ransomware. Este grupo ha sido documentado en múltiples fuentes de inteligencia…
North Korea2 minVer analisis →
Prince of Persia
iran Reference Iran
Que es Prince of Persia es un actor APT (Advanced Persistent Threat) asociado al grupo regional de Irán. Con alias como APT-C-50 y Infy, este grupo ha sido identificado como una amenaza con actividad …
Iran2 minVer analisis →
Also note that Turla used OilRigs implants,https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html,http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/,http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/,http://www.clearskysec.com/oilrig/,https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf,http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/,http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability%20,https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/#56749aa2468a,https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/,https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/,https://researchcenter.paloaltonetworks.com/2017/09/unit42-striking-oil-closer-look-adversary-infrastructure/,https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html,https://researchcenter.paloaltonetworks.com/2017/12/unit42-introducing-the-adversary-playbook-first-up-oilrig/,https://www.dragos.com/blog/20180517Chrysene.html,https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf,https://sec0wn.blogspot.com/2018/05/prb-backdoor-fully-loaded-powershell.html,https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims,https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/,https://www.clearskysec.com/powdesk-apt34/,https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/,https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html,https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html,https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/,https://blog-cert.opmd.fr/dnspionage-retour-factuel-sur-les-attaques-annoncees-dans-differents-medias/,https://www.trendmicro.com/en_us/research/23/b/new-apt34-malware-targets-the-middle-east.html,https://www.trendmicro.com/en_no/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html,https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/,,,,,,
iran Reference Iran Gov T1566
Que es Turla es un grupo de ciberataques asociado al país de Irán, conocido por su actividad de espionaje cyber y operaciones de ingeniería social. El grupo utiliza técnicas avanzadas para comprometer…
Iran3 minVer analisis →
APT-C-23
middle-east Reference Unknown
Que es APT-C-23 es un actor de alto nivel (Advanced Persistent Threat) asociado al grupo regional Middle East, conocido por su actividad cibernética orientada a objetivos específicos. Este actor ha si…
Unknown2 minVer analisis →
Roaming Tiger
unknown---unmapped-actors Reference United States
Que es Roaming Tiger es un actor APT (Advanced Persistent Threat) del grupo regional Unknown / Unmapped Actors, conocido por su actividad en múltiples países, incluyendo Uzbeckistán, Mónaco, Myanmar, …
United States2 minVer analisis →
Gh0st RAT
malware---tools Reference Unknown
Que es Gh0st RAT Gh0st RAT (Remote Access Trojan) es un tipo de malware asociado a grupos APT (Advanced Persistent Threats), con alias como Moudoor, Piano Gh0st y Zegost. Este ciberataque se ha relaci…
Unknown2 minVer analisis →
LStudio
malware---tools Reference United States
Que es LStudio es un actor APT (Advanced Persistent Threat) relacionado con el grupo de malware "Tools", conocido por su actividad en el ámbito regional. Es uno de los actores más destacados en la lis…
United States2 minVer analisis →
MNKit
malware---tools Reference Unknown
Que es MNKit es un actor APT (Advanced Persistent Threat) vinculado a una operación de ciberespionaje regional. Se identifica como parte del grupo malicioso WingD, también conocido como Tran Duy Linh.…
Unknown2 minVer analisis →
Infy
malware---tools Reference Unknown
Que es Infy es un actor APT del grupo regional Malware / Tools, conocido por su actividad relacionada con amenazas cibernéticas. Fue identificado como Infy M y ha sido analizado en contextos de seguri…
Unknown2 minVer analisis →
APTTrail: bisonal indicators and references
bisonal Ioc United States
Resumen APTTrailAPTTrail mantiene indicadores publicos asociados a bisonal. Aliases observados: bisonal, tonto, tontoteam. Conteo por tipo: domain: 232, file_path: 5, ipv4: 5, url: 4.Indicadores de Co…
United States1 minVer analisis →
APTTrail: apt-c-06 indicators and references
apt-c-06 Ioc United States
Resumen APTTrailAPTTrail mantiene indicadores publicos asociados a apt-c-06. Aliases observados: apt-c-06, apt06, thinmon. Conteo por tipo: domain: 314, file_path: 7, ipv4: 3, url: 2.Indicadores de Co…
United States1 minVer analisis →