Live
10,488 incidents
653 actors
169 countries
Updated 25 Jun
2026-05-27: 5 2026-05-28: 22 2026-05-29: 118 2026-05-30: 16 2026-05-31: 7 2026-06-01: 39 2026-06-02: 20 2026-06-03: 34 2026-06-04: 38 2026-06-05: 200 2026-06-06: 27 2026-06-07: 4 2026-06-08: 76 2026-06-09: 67 2026-06-10: 196 2026-06-11: 99 2026-06-12: 85 2026-06-13: 16 2026-06-14: 27 2026-06-15: 129 2026-06-16: 50 2026-06-17: 36 2026-06-18: 494 2026-06-19: 190 2026-06-20: 518 2026-06-21: 30 2026-06-22: 54 2026-06-23: 38 2026-06-24: 49 2026-06-25: 362
7d: 1,735 posts
641 active groups
+592 new
Top: china (6.3%)
china ▲ 109 100% other-actors ▲ 74 100% bushidouk ▲ 55 100% malware---tools ▲ 54 100% unknown---unmapped-actors ▲ 44 100%
15 of 25 incidents
APT4
china Reference China
What is APT4: APT4 is a cyber actor associated with the China regional group, known for its malicious activity in the digital domain. It is also known by the names Samurai Panda, PLA Navy, Sykipo…
Anchor Panda
china Reference China
What it is: Anchor Panda is an APT actor in the China regional group, known for its espionage activity in critical sectors related to maritime security. This group, also referred to as AP…
Judgement Panda
china Reference China T1566
What it is: Judgement Panda is an APT (Advanced Persistent Threat) actor associated with the China regional group. Also known as Umbrella Revolution, this group has focused on activities involving spear-ph…
Kryptonite Panda
china Reference China
What it is: Kryptonite Panda is an APT (Advanced Persistent Threat) actor associated with China, identified as part of a regional network of cyber threats. The group is also known by aliases such as 8…
Nomad Panda
china Reference China
What it is: Nomad Panda is an APT (Advanced Persistent Threat) actor associated with the China regional group. Also known as Neeedleminer group, Night Dragon, RedFoxtrot and other aliases, the group has been …
Pirate Panda
china Reference China
What it is: Pirate Panda is an APT (Advanced Persistent Threat) actor associated with the China regional group, with aliases such as KeyBoys, G0081, Southeast Asia, Tropic Trooper and KeyBoy. This group is linked to a…
Persistency: typically launching ransomware after operation to destroy evidence, Threat Recon.nshc.net alias=SectorA01
north-korea Reference North Korea Gov T1566
What it is: Threat Recon.nshc.net alias=SectorA01 is an APT actor in the North Korea regional group associated with ransomware operations. This group has been documented in multiple intelligence sources…
Clever Kitten
iran Reference Iran
What it is: Clever Kitten is an APT (Advanced Persistent Threat) actor linked to the Iran regional group. With aliases such as Group 41, Acunetix Web Vulnerability Scanner and PHP Webshell RC SHELL, this group …
Also note that Turla used OilRig's implants
iran Reference Iran Gov T1566
What it is: Turla is a cyberattack group associated with the country of Iran, known for its cyber espionage activity and social engineering operations. The group uses advanced techniques to compromise…
Gold lowell
iran Reference Iran 🖥️ Software
What it is: Gold lowell is an APT (Advanced Persistent Threat) actor associated with the Iran regional group. This group has been identified with aliases such as Boss Spider, SamSam, and Criminal, which suggests a…
Inconclusive link to OilRig/APT34
iran Reference Iran
What it is: An APT (Advanced Persistent Threat) of the Iran regional group, with no known alias. The identified APT actor belongs to the regional cyberattack group associated with Iran. There are no recorded a…
https://dragos.com/blog/industry-news/the-state-of-threats-to-electric-entities-in-north-america/, https://www.crowdstrike.com/blog/who-is-pioneer-kitten/, https://us-cert.cisa.gov/ncas/alerts/aa20-259a
iran Reference Iran Gov
What it is: The Iran regional group is an APT (Advanced Persistent Threat) actor associated with the country, with cyber threat activity documented across networks and digital resources. No aliases have been identified …
Syrian Electronic Army (SEA)
middle-east Reference United States T1566
What it is: Syrian Electronic Army (SEA) is a regional cyber threat group based in the Middle East, known as Deadeye Jackal and with aliases related to the Syrian civil war. This APT actor (A…
Dungeon Spider
other-actors Reference Unknown
What it is: Dungeon Spider is an APT (Advanced Persistent Threat) actor associated with the "Other Actors" regional group, identified as one of the non-state actors in the cybersecurity field. This alias …
Lunar Spider
other-actors Reference United States
What it is: Lunar Spider is an APT (Advanced Persistent Threat) actor in the Other Actors group, known for its activity in the field of cybersecurity and financial crime. This group has been associated …