IOC Radar
SHA256 · Medium · Signal 94/100

0f4d1a9ac1322f2bb0ae03ff90a2ef81237e626965c33098e49be650050caf8c

Location
Aruba
First Seen
Aug 30, 2024
Last Seen
Mar 16, 2026
First Seen: Aug 30 (654d ago)
Last Seen: Mar 16 (90d ago)
Reports: 3 source reports
Confidence: 94% (medium)
Found in 3 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

161 techniques

Feed Intelligence Summary

3 reports · 94% confidence
3
Source reports
94%
Confidence score
Category tags

Activity Timeline

1 total obs
Mar 16

Threat Activity Heatmap

· Peak: 2026-03-16
(calendar heatmap grid, Jun through the following Jun, weekday rows Mon / Wed / Fri, Less–More scale; the only observation falls in Mar)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk (94 SIGNAL)
Signal Score: 94
Confidence: 94%
Reports: 3
First seen: Aug 30, 2024
Last seen: Mar 16, 2026

VirusTotal

Not checked

WHOIS

Description
https://medium.com/detect-fyi/cybervolks-ransomware-ad38134b1b0a f7d17c14e19cda1bd098ebff10fbe295ad188a63c79c4b94e9b7a92c9002d6e7 tg:resolve?domena=CyberVolk_TNT&post=81 //telegram.org/dl?tme=ed32aeab33e9bcb82b_3732044126076444480

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 3 threat reports