SHA256MediumSignal 100/100
06c38b4c73015d04536d80262bb531183bead459371dd6db86a40dfccbdf236a
Location
First Seen
Jan 16, 2025
Last Seen
Feb 7, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports99% confidence
4
Source reports
99%
Confidence score
Category tags
active scanninganchorapplication attackapplication layer protocolasiaattackauthentication attackbazarcallbazarloaderbotnetbrute forcebrute force attackcampo loadercobalt strikecommand and controlcommunication protocolcompromise attemptcredential accesscredential brute forcecredential brute forcingcredential harvestingcredential stuffingdata encryptiondata exfiltrationdatabase brute forcedenial of servicedistributed attacksenumerationeuropeexcelexploitfile-hashftpftp brute forcegermanyhttp brute forcehttp scannerhttpsicedidindiaindicatorinitial accesslateral movementlogin attemptlogin brute forcemalicious activitymalicious network activitymalicious softwaremalspammalwaremalware distributionnetwork attacksnetwork enumerationnetwork intrusion attemptnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnorth americapassword attackpassword attackspassword crackingphishing attackpossible credential stuffingpossible malicious activitypotential intrusionprocess injectionprotocol exploitationreconnaissancereconnaissance activityremote accessremote servicesresearchedryukservice exploitation attemptsmb brute forcesmtp brute forcesmtp enumerationsocial engineeringssh attacksyn port scansyn scansystem accesssystem discoveryt1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.006t1040t1046t1047t1053t1055t1059t1059.001t1059.004t1068t1070t1071t1071.001t1076t1077t1078t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1136t1187t1190t1199t1204t1486t1496t1499.002t1499.003t1539t1555t1563t1565t1566t1566.001t1566.002t1566.003t1569.002t1573t1588t1588.002t1589t1592t1595t1595.001t1595.002t1595.003tcp protocoltcp scantcp scanningtelnet threatthreat actorudp port scanudp scanunauthorized access attemptunited statesvalid accountsweb trafficxlsx
Activity Timeline
Feb 7Feb 7
Threat Activity Heatmap
· Peak: 2026-02-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
4
Reports
First seenJan 16, 2025
Last seenFeb 7, 2026
VirusTotal
Not checked
WHOIS
- description
- Zip archive data, at least v2.0 to extract
- references
- https://unit42.paloaltonetworks.com/bazarloader-malware/, https://github.com/pan-unit42/iocs/blob/master/BazarCall/Appendix-E.txt, https://github.com/pan-unit42/iocs/blob/master/BazarCall/Appendix-D.txt, https://github.com/pan-unit42/iocs/blob/master/BazarCall/Appendix-C.txt, https://github.com/pan-unit42/iocs/blob/master/BazarCall/Appendix-B.txt, https://www.trendmicro.com/en_us/research/21/d/a-spike-in-bazarcall-and-icedid-activity.html, https://labs.inquest.net/iocdb
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 4 months ago
Appeared in 4 threat reports