3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Entropy

Entropy

ID: 15fc3950b7c08c0b533f05a11979539326088
Cybercrime Cybercriminal Hacktivist
Threat types: Cybercrime, Hacktivism, Defacement, Intrusion
Mexico ARG
Updated: 2026-03-30
Created: 2026-03-27
Progress: 82% Completeness: 78% Freshness: 90%
Operation zone: Argentina
Aliases Limited alias preview
⁨Esotilin⁩
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Entropy is a Chronus Team-linked operator/persona associated with public-sector intrusion and defacement activity in Latin America. The strongest public evidence places the alias on the defacement of the Open Data Portal of San Fernando del Valle de Catamarca, Argentina, alongside other Chronus-linked names.


Technique Technique name Tactics Evidence
T1190 Exploit Public-Facing Application TA0001
  • 2026-03-24 — The observed victim was a public-facing municipal open-data portal. INFERENCE (confidence: medium): the most plausible initial access path is exploitation of a public-facing application or related exposed web component. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2026-03-24 — INFERENCE (confidence: medium): weak or compromised administrative credentials may also explain unauthorized access to the portal environment. · ref
T1491.001 Internal Defacement TA0040
  • 2026-03-24 — The defaced page explicitly displayed attacker-controlled messaging and Chronus Team branding, with 'Hacked by Entropy' listed among the co-claimants. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2026-03-24 — INFERENCE (confidence: medium): portal content and state were modified to present false counts and attacker-controlled text, consistent with stored data manipulation. · ref
T1591 Gather Victim Org Information TA0043
  • 2026-03-28 — Public reporting indicates Chronus Team focuses on public-sector and high-symbolism targets in Latin America. INFERENCE (confidence: medium): target selection likely involved identifying institutions with reputational value and visible public surfaces. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-30T19:15:40+00:00

Entropy / Esotilin — Chronus Team-linked operator

Classification: Unclassified / Open Source Intelligence (OSINT) + Limited Human Intelligence (HUMINT) — TLP:WHITE

Category: Cybercrime / Hacktivism-adjacent intrusion and defacement activity - Origin: Mexico (assessed, not confirmed)

Author: iQBlack CTI Team


Executive Summary

Entropy is assessed as a public-facing operator or participant associated with the broader Chronus Team ecosystem, a Latin American intrusion-and-leak cluster that has targeted public-sector and quasi-public entities for reputational pressure, data exposure, and propaganda value. Open reporting does not support treating Entropy as a standalone organization; rather, available evidence places the alias within a semi-decentralized brand environment in which multiple named participants claim or co-sign operations.

Current confidence is medium regarding Entropy’s membership or active participation in Chronus Team operations, and high regarding the actor’s public association with the defacement of the Open Data Portal of San Fernando del Valle de Catamarca, Argentina. The defacement page explicitly listed “Hacked by Entropy” alongside other named Chronus-linked actors, providing a direct public claim tied to an observed victim surface.


Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Entropy / Esotilin

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Entropy / Esotilin / Chronus Team-linked activity


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-30T14:39:00+00:00

IOC Appendix — Entropy / Esotilin

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-30T14:39:51+00:00

OSINT Library — Entropy


2026-03-24 — Internet Archive / Wayback Machine — “HACKED BY CHRONUS” capture of Catamarca municipal open-data portal

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.