IOC Radar
SHA1MediumSignal 57/100

0f1aea2cf0c9f2de55d2b920618a5948c5e5e119

First Seen
May 31, 2024
Last Seen
Apr 10, 2026
May 31
First Seen
740d ago
Apr 10
Last Seen
61d ago
6
Reports
source reports
57%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

26 techniques

Feed Intelligence Summary

6 reports57% confidence
6
Source reports
57%
Confidence score
Category tags
active scanadres urlattackavast redniabotnetbotnet activitycommand and controlczciowydata encryptiondata exfiltrationdata haszyszdata store exposureddosdistributed attacksdownloaderencryptionevasionexfiltrationexploitation activityextortionfile-hashgoogle wynikiindicatoringress tool transferinitial accessinjection activitylateral movementlinuxmalicious activitymalicious softwaremalloxmalwaremalware download attemptnazwa hostanetwork protocolnie monaprocess injectionransom demandransomwareransomware-as-a-serviceresearchedrobaksystem disruptiont1021.002t1027t1055t1059t1059.001t1059.004t1071t1071.001t1077t1078t1105t1190t1204t1204.002t1486t1490t1496t1499.002t1499.003t1505.003t1547t1565t1566t1567t1588.001t1588.002threat actortor nodetrojan malwaretrojandroppertylne drzwivirtool

Activity Timeline

1 total obs
Apr 10Apr 10

Threat Activity Heatmap

· Peak: 2026-04-10
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
6
Reports
First seenMay 31, 2024
Last seenApr 10, 2026

VirusTotal

Not checked

WHOIS

description
This analysis examines the evolution of Kryptina, a ransomware-as-a-service platform, from a free tool on public forums to being actively used in enterprise attacks under the Mallox ransomware family. In May 2024, a Mallox affiliate leaked staging server data, revealing their Linux ransomware was based on a modified version of Kryptina. The affiliate made superficial changes to source code and documentation, removing Kryptina branding but retaining core functionality. This adoption exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants. The report details the similarities and differences between the original Kryptina RaaS and the modified Mallox version, including encryption methods, ransom note templates, and configuration files.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 6 threat reports