SHA256MediumSignal 99/100
01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
Location
First Seen
Dec 11, 2021
Last Seen
Jun 5, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
18 reports99% confidence
18
Source reports
99%
Confidence score
Category tags
abuseaccount brute forceactive scanninganydeskapacheasciiattackauthenticationauthentication attackauthentication brute forceautomotive manufacturingazure vmbackbitsblackbyteblackbyte 2.0blackbytentblackbytenthbloat-abodybotnetbrute forcebrute force attackbubblebyovdc2cert polskacisacivil servicesck techniquesclick-based attackcobalt strikecode executioncode injectioncode integrity bypasscommand & controlcommand and controlcommand executioncommunication protocolcommunications networkscontacted urlsconticredential accesscredential brute forcecredential harvestingcredential stuffingcritical infrastructurecybercyber actorscyclopsd0nutdarkdata accessdata copyingdata encryptiondata exfiltrationdata transferdbutil_2_3.sysdefense evasiondefense systemsdenial of servicedesktopdiplomatic orbiterdirectorydistributed attacksdriverdriver exploitationelectronic health recordselectronics manufacturingemergency servicesencryptenergy systemsenterprise securityenumerationerroresxi servereuropeeverestexbyteexeexfiltrationexploitexploitation activityextortionfalsefeelfilefile-hashfileless malwarefileobjfinancial systemsfranceftpftp brute forcegdrv.sysgootloadergovernment facilitiesgovernment technologyhashhasheshavochealth care and social assistancehealth information technologyhealthcare information systemshivehospital managementhtmlhtml internethttp attackhttp brute forcehttp scannerhttpsimapimap brute forceimpactinc ransominc ransomwareindicatorindustrial automationindustrial iotindustrial productionindustries/all industriesinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinput validation bypassinsikt groupinstallinvalid-signatureiocsisitemit infrastructurejsonkernelkernel exploitationknightland driverslateral movementlegitlightlivinglocallockbitlogin attemptslolbinslowfimagia dokumentmagika htmlmainmalicious activitymalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware/blackbytemanufacturing technologymarkmatrixmedicalmedical servicesmegamega nzmetasploitmitre attmmm dnativencscnetscannetwork activitynetwork attacksnetwork enumerationnetwork intrusionnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnomentlmnumberopendiroperating systemoverlaypassword attackspatch managementpath traversalpatient carepe resourcepeexeperuphishingphishing attackpop3 brute forcepremiumprivilege escalationprocess injectionprocess manufacturingprofessional servicesprotocol exploitationprotocol-deviproxyshell vulnerabilitiespsexecpublic administrationpublic infrastructurepublic policyqakbotquality controlradarrandom nameransomhubransomwarerclonereconnaissanceregulatory agenciesremote accessremote access attemptsremote code executionremote servicesresearchedrootkitrozmiarrtcore64.sysrunkeysscripting attacksscrollsecurity bypassservicesftp servershellshellcodesignedsigned driver abusesmb scanningsmtpsmtp brute forcesocial engineeringsoftware developmentsoftware exploitationsoftware vulnerabilitiessouth americassh attackstixstopransomwarestrongsupply chain managementsuspected compromisesvr cybersys filesysmonsystem disruptionsystembct1003t1005t1016t1018t1021t1021.001t1021.002t1027t1030t1040t1046t1053.005t1055t1057t1059t1059.001t1068t1069.001t1071t1071.001t1076t1077t1078t1083t1086t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1190t1203t1204.001t1204.002t1211t1213t1213.001t1218.003t1486t1490t1496t1499.002t1499.003t1530t1547.001t1562t1562.001t1563t1565t1566t1566.001t1566.002t1566.003t1569.002t1574.001t1587.001t1589t1590t1590.001t1595t1595.001t1595.002t1595.003tabelatalostalos irtargettcp protocoltcp scantcp scanningteamtechnical servicestelnet threattempestthobtthreat actorthreat spotlightthreat typetitletitle idtoolstop storytotvstransportation networkstriid pliktrojan malwarettpstwittertypeof windowudp port scanudp scanunauthorized accessunsigned driveruser executionvanilla tempestvice societyvmware esxivulnvulnerabilityvulnerablevulnerable driver exploitationw32.bloat-awater systemsweb application exploitationweb securityweb serverweb trafficwebdavwhaszwin32 malwarewindowswindows malwarewinscpwormz bardzo
Activity Timeline
Jun 5Jun 5
Threat Activity Heatmap
· Peak: 2026-06-05LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
99
SIGNAL
Signal Score
99%
Confidence
18
Reports
First seenDec 11, 2021
Last seenJun 5, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32+ executable (native) x86-64, for MS Windows
- references
- https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a, https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/, https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/, otx_pulse.json, https://loldrivers.io/, https://www.loldrivers.io/js/chart.min.js, https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js, https://www.loldrivers.io/favicons/browserconfig.xml, https://raw.githubusercontent.com/mthcht/awesome-lists/refs/heads/main/Lists/Drivers/loldrivers_only_hashes_list.csv, https://labs.inquest.net/iocdb, https://github.com/wavestone-cdt/EDRSandblast, https://kazitec.com/threatfeeds/SHA1.txt, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a, https://cybersecsentinel.com/vanilla-tempest-unleashes-inc-ransomware-on-hospitals/, https://www.mycert.org.my/portal/advisory?id=MA-1138.092024, https://www.loldrivers.io/, https://www.cisa.gov/sites/default/files/2023-12/aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally.pdf, AvosLocker Ransomware IOCs.csv
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 25 days ago
Appeared in 18 threat reports