MD5MediumSignal 99/100
0be11b4f34ede748892ea49e473d82db
Location
PeruFirst Seen
Jul 24, 2023
Last Seen
Apr 23, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
10 reports99% confidence
10
Source reports
99%
Confidence score
Category tags
abuseapt29bad reputationbeaconbrc4collaborationcommand & controlcritical industriesdetect-debug-environmentdomainurl httpsdukeduke malwareeducationembassyenergyfile-hashfinance and insuranceforeign affairshashesindicatorlearnlong-sleepsmalwareneedopen sourcepartnerpedllperuresearchedservicesouth americastixt1027t1036t1071t1106t1134t1204t1218t1543t1566t1574t1584teamthreat actortor nodevulnerability scanwindowswindows shortcut
Activity Timeline
Apr 23Apr 23
Threat Activity Heatmap
· Peak: 2026-04-23LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
99
SIGNAL
Signal Score
99%
Confidence
10
Reports
First seenJul 24, 2023
Last seenApr 23, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
- references
- https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing, https://blog.eclecticiq.com/german-embassy-lure-likely-part-of-campaign-against-nato-aligned-ministries-of-foreign-affairs, https://thehackernews.com/2023/08/nofilter-attack-sneaky-privilege.html, https://therecord.media/illinois-hospital-notifies-patients-employees-of-cyber-incident?&web_view=true, August 18th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3074 - Malicious PDF Documents Used to Target NATO countries.pdf
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 1 month ago
Appeared in 10 threat reports