SHA256 · Medium · Signal 47/100
011df46e94218cbb2f0b8da13ab3cec397246fdc63436e58b1bf597550a647f6
Location
First Seen
Apr 3, 2025
Last Seen
May 20, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 source reports · 47% confidence score
Category tags
Activity Timeline
May 20
Threat Activity Heatmap
Peak: 2026-05-20
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
VirusTotal
Not checked
WHOIS
- description
- Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.
IOC Journey
Medium · First detected 1 year ago · Last seen 24 days ago
Appeared in 3 threat reports