IOC Radar
SHA256MediumSignal 100/100

076364dd23d46c40d00fc62baa9826a4c74900cc0f31605b15d92153b184dd7a

Location
ChinaChina
First Seen
Aug 4, 2021
Last Seen
Feb 15, 2026
Aug 4
First Seen
1794d ago
Feb 15
Last Seen
138d ago
3
Reports
source reports
99%
Confidence
medium
44/75
VirusTotal
detections
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

64 techniques

Feed Intelligence Summary

3 reports99% confidence
3
Source reports
99%
Confidence score
Category tags
aptasiaaspxassembly executionassembly injectionbackdoorbotnetc2 communicationchinachina chopperchina-nexus aptchinese aptchopper webcivil servicescode executioncommand and controlcommand executioncommunication protocolcommunication technologiescontactcovert channelscredential accesscyber espionagecyber espionage campaigndata exfiltrationdata theftdistributed attacksencrypted chinaencrypted communicationevasionevasion techniquesfile-hashgovernment technologyhasheshttp scannerhttp tunnelingindicatorinmemory web shelliron tigerlateral movementmalicious activitymalicious powershell activitymalicious softwaremalwarememory injectionmobile carriersmobile networksmonitoringnaikon aptnetwork reconnaissancepatchpersistent accessprocess injectionproxy serversproxy tunnelingpublic administrationpublic infrastructurepublic policyregeorgregulatory agenciesremote accessremote access toolsremote code executionresearchedscripting attacksshellsoft cellsoftware exploitationstealthstopstorysygniat1003t1003.002t1005t1016t1018t1020t1021t1021.001t1021.002t1027t1041t1048t1049t1053.005t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1070t1071t1071.001t1074t1074.001t1078t1078.002t1078.003t1082t1083t1086t1087t1087.002t1090t1090.001t1095t1105t1133t1134t1134.001t1135t1190t1199t1203t1204.002t1486t1496t1499.002t1499.003t1505t1505.003t1547.001t1552t1552.001t1555t1560t1560.001t1565t1570t1572t1573t1573.001telcostelecomtelecom networktelecom servicestelecommunicationsthreat actortoolsweaver antweb server compromiseweb shellweb shellsweb traffic

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
3
Reports
First seenAug 4, 2021
Last seenFeb 15, 2026

VirusTotal

44/ 75vendors flagged
59% detection rateJun 8, 2026

WHOIS

description
SHA256 of 207b7cf5db59d70d4789cb91194c732bcd1cfb4b
references
https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/, https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos#lateral-movement-paexec

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 4 months ago
Appeared in 3 threat reports