SHA256MediumSignal 84/100
07c3bbe60d47240df7152f72beb98ea373d9600946860bad12f7bc617a5d6f5f
Location
First Seen
Jun 29, 2025
Last Seen
Jun 3, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports84% confidence
8
Source reports
84%
Confidence score
Category tags
abuse_ch_hashactive scanadministratorsbad reputationbasicbehavioralchaoschlorine_dosingchlorinedoseclarotycommand associatedcritical infrastructuredefensedesalinationdetect-debug-environmentdirectdnp3encryptdecryptenergyfile-hashfunctiongeographic_filteringhaifahmisics_targetingindicatoriot securityipv4ipv62a03ipv62a12israelistargetcountrykaijikodadrlinuxlong-sleepsmalwaremodbusnathaniel billnation-state activitynqvbdkotiotpathpeexeperuplchmiprimary mqttprocess_controlransomwareremote accessremovable_media_propagationresearcheds7commsouth americastringsstuxnett1005t1021t1021.004t1027t1027.002t1037.004t1046t1057t1059t1059.001t1059.004t1070.004t1082t1083t1090.001t1091t1105t1106t1110.001t1112t1135t1140t1190t1203t1204t1210t1222.002t1485t1491t1496t1547.001t1565.001targettelecomtempthreat leveltor nodetype pe32type valuevulnerability scanwater_treatmentwindowswritezionsiphon
Activity Timeline
Jun 3Jun 3
Threat Activity Heatmap
· Peak: 2026-06-03LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
84
SIGNAL
Signal Score
84%
Confidence
8
Reports
First seenJun 29, 2025
Last seenJun 3, 2026
VirusTotal
Not checked
WHOIS
- description
- Darktrace's honeypot network, known as CloudyPots, has recently unveiled a new variant of Chaos malware exploiting misconfigurations in cloud environments. Chaos, a Go-based malware attributed to Chinese actors, is a successor to the Kaiji botnet and primarily targets routers via SSH brute-forcing and known vulnerabilities in router software. It has been known to facilitate DDoS attacks and cryptomining by commandeering infected devices.
- references
- IOCs.2026.csv, https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems, https://www.darktrace.com/blog/darktrace-identifies-new-chaos-malware-variant-exploiting-misconfigurations-in-the-cloud
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports