IOC Radar
SHA256MediumSignal 84/100

07c3bbe60d47240df7152f72beb98ea373d9600946860bad12f7bc617a5d6f5f

Location
PeruPeru
First Seen
Jun 29, 2025
Last Seen
Jun 3, 2026
Jun 29
First Seen
369d ago
Jun 3
Last Seen
30d ago
8
Reports
source reports
84%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Feed Intelligence Summary

8 reports84% confidence
8
Source reports
84%
Confidence score
Category tags
abuse_ch_hashactive scanadministratorsbad reputationbasicbehavioralchaoschlorine_dosingchlorinedoseclarotycommand associatedcritical infrastructuredefensedesalinationdetect-debug-environmentdirectdnp3encryptdecryptenergyfile-hashfunctiongeographic_filteringhaifahmisics_targetingindicatoriot securityipv4ipv62a03ipv62a12israelistargetcountrykaijikodadrlinuxlong-sleepsmalwaremodbusnathaniel billnation-state activitynqvbdkotiotpathpeexeperuplchmiprimary mqttprocess_controlransomwareremote accessremovable_media_propagationresearcheds7commsouth americastringsstuxnett1005t1021t1021.004t1027t1027.002t1037.004t1046t1057t1059t1059.001t1059.004t1070.004t1082t1083t1090.001t1091t1105t1106t1110.001t1112t1135t1140t1190t1203t1204t1210t1222.002t1485t1491t1496t1547.001t1565.001targettelecomtempthreat leveltor nodetype pe32type valuevulnerability scanwater_treatmentwindowswritezionsiphon

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
84
SIGNAL
Signal Score
84%
Confidence
8
Reports
First seenJun 29, 2025
Last seenJun 3, 2026

VirusTotal

Not checked

WHOIS

description
Darktrace's honeypot network, known as CloudyPots, has recently unveiled a new variant of Chaos malware exploiting misconfigurations in cloud environments. Chaos, a Go-based malware attributed to Chinese actors, is a successor to the Kaiji botnet and primarily targets routers via SSH brute-forcing and known vulnerabilities in router software. It has been known to facilitate DDoS attacks and cryptomining by commandeering infected devices.
references
IOCs.2026.csv, https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems, https://www.darktrace.com/blog/darktrace-identifies-new-chaos-malware-variant-exploiting-misconfigurations-in-the-cloud

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports