Live
10,488 Incidents
653 Actors
169 Countries
Updated 25 Jun
2026-05-27: 5 2026-05-28: 22 2026-05-29: 118 2026-05-30: 16 2026-05-31: 7 2026-06-01: 39 2026-06-02: 20 2026-06-03: 34 2026-06-04: 38 2026-06-05: 200 2026-06-06: 27 2026-06-07: 4 2026-06-08: 76 2026-06-09: 67 2026-06-10: 196 2026-06-11: 99 2026-06-12: 85 2026-06-13: 16 2026-06-14: 27 2026-06-15: 129 2026-06-16: 50 2026-06-17: 36 2026-06-18: 494 2026-06-19: 190 2026-06-20: 518 2026-06-21: 30 2026-06-22: 54 2026-06-23: 38 2026-06-24: 49 2026-06-25: 363
7d: 1,736 posts
641 active groups
+592 new
Top: china (6.3%)
china ▲ 109 100% other-actors ▲ 74 100% bushidouk ▲ 55 100% malware---tools ▲ 54 100% unknown---unmapped-actors ▲ 44 100%
15 of 26 incidents
Also note that Turla used OilRigs implants
iran Reference Iran Gov T1566
What it is: Turla is a cyberattack group associated with the country of Iran, known for its cyber espionage activity and social engineering operations. The group uses advanced techniques to compromise…
Inconclusive link to OilRig/APT34
iran Reference Iran
What it is: An APT (Advanced Persistent Threat) from the Iran regional group, with no known alias. The identified APT actor belongs to the regional cyberattack group associated with Iran. There are no recorded…
4. Backdoor
middle-east Reference Unknown
What it is: The Middle East group is a regional APT (Advanced Persistent Threat) actor associated with cyberattack activity aimed at entities in the Middle East. According to verified reports, this group…
GravityRAT
other-actors Reference India
What it is: GravityRAT is an APT (Advanced Persistent Threat) actor associated with the regional group "Other Actors", with alleged origin in India or Pakistan. It is also known as Other Actors, and its ev…
STIBNITE
other-actors Reference Unknown
What is STIBNITE: STIBNITE is an APT (Advanced Persistent Threat) actor associated with the Other Actors group, whose alternative name is PoetRAT. This group has been identified in multiple security reports…
YoroTrooper
unknown---unmapped-actors Reference United States
What it is: YoroTrooper is an APT (Advanced Persistent Threat) actor associated with the regional group Unknown / Unmapped Actors, with activity detected in the field of cyber espionage. This group, …
ROKRAT
malware---tools Reference Unknown
What it is: ROKRAT is an APT (Advanced Persistent Threat) actor related to the regional malware and tools group. It is identified as a cyber attacker associated with North Korea, with activ…
APTTrail: arid gopher indicators and references
arid-gopher Ioc Unknown
Summary (APTTrail): APTTrail maintains public indicators associated with arid gopher. Observed aliases: arid gopher, arid viper, spyc23. Count by type: domain: 80, ipv4: 6, url: 2. Indicators of Comprom…
APTTrail: APT BAHAMUT indicators and references
apt-bahamut Ioc Unknown
Summary (APTTrail): APTTrail maintains public indicators associated with APT BAHAMUT. Observed aliases: APT BAHAMUT. Count by type: domain: 175, file_path: 6, ipv4: 14, url: 1. Indicators of Compromise …
APTTrail: bisonal indicators and references
bisonal Ioc United States
Summary (APTTrail): APTTrail maintains public indicators associated with bisonal. Observed aliases: bisonal, tonto, tontoteam. Count by type: domain: 232, file_path: 5, ipv4: 5, url: 4. Indicators of Co…
APTTrail: APT DNSPIONAGE indicators and references
apt-dnspionage Ioc Unknown
Summary (APTTrail): APTTrail maintains public indicators associated with APT DNSPIONAGE. Observed aliases: APT DNSPIONAGE. Count by type: domain: 519. Indicators of Compromise (IOCs): Type, Value, Context: Dom…
APTTrail: exilerat indicators and references
exilerat Ioc India
Summary (APTTrail): APTTrail maintains public indicators associated with exilerat. Observed aliases: exilerat, luckycat, sepulcher, shadownet, ta413. Count by type: domain: 56, ipv4: 8, url: 1. Indicator…
APTTrail: APT MIDDLEEAST indicators and references
apt-middleeast Ioc Unknown 💻 Tech
Summary (APTTrail): APTTrail maintains public indicators associated with APT MIDDLEEAST. Observed aliases: APT MIDDLEEAST. Count by type: domain: 134. Indicators of Compromise (IOCs): Type, Value, Context: Dom…
APTTrail: APT REAPER indicators and references
apt-reaper Ioc Unknown
Summary (APTTrail): APTTrail maintains public indicators associated with APT REAPER. Observed aliases: APT REAPER. Count by type: domain: 19, file_path: 1. Indicators of Compromise (IOCs): Type, Value, Contex…
APTTrail: APT REDBALDKNIGHT indicators and references
apt-redbaldknight Ioc Unknown
Summary (APTTrail): APTTrail maintains public indicators associated with APT REDBALDKNIGHT. Observed aliases: APT REDBALDKNIGHT. Count by type: file_path: 2. Indicators of Compromise (IOCs): Type, Value, Cont…