MD5 · Medium · Signal 100/100
0f6d6ef9b82ece9dbbdc711ac00b5e6a
Location
First Seen
Mar 20, 2025
Last Seen
Feb 19, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports · 99% confidence
8
Source reports
99%
Confidence score
Category tags
.haes extension, abuse, active scanning, alienvault_ransomware, amatera stealer, attack, authentication attack, autobotnet, brute force, code execution, command, command and control, command execution, communications networks, compromise attempt, connected devices, control, credential access, credential brute force, credential stuffing, critical infrastructure, critical infrastructure target, data encryption, data exfiltration, data inaccessibility, data leakage threat, data theft, ddos, ddos attacks, decryption tool available, defense systems, device management, devman, devman ransomware, dictionary attack, distributed attacks, double extortion, doumen, emergency services, encryption, energy systems, europe, exploit, extortion, fake captcha, file-hash, filehash md5, filehash sha1, filehash sha256, financial motivation, financial systems, france, ftp brute force, generic, government facilities, haes, hctor slim, ignacio gmez, impact, indicator, industrial iot, initial access, internet of things, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot/ics attack, lateral movement, lolbin, malicious activity, malicious software, malware, mamona, merlax_mexico, mirai botnet, mxico, network intrusion, network protocol, network reconnaissance, network scanning, north america, offline operation, offline ransomware, operation neusploit, password attack, platicando con, possible ddos preparation, process injection, ransom note, ransom note dropper, ransomware, ransomware activity, ransomware activity detected, ransomware infection, reconnaissance, remote access, remote services, researched, service, service impairment, smart devices, software exploitation, ssh attack, system disruption, t1003, t1010, t1012, t1018, t1021, t1021.001, t1021.002, t1027, t1053, t1055, t1059, t1059.001, t1059.003, t1059.004, t1070, t1070.004, t1071, t1071.001, t1076, t1077, t1078, t1082, t1083, t1110, t1110.001, t1110.002, t1140, t1190, t1203, t1204, t1485, t1486, t1490, t1491.001, t1496, t1498, t1499.002, t1499.003, t1535, t1555, t1556, t1562.001, t1563, t1565, t1566, t1571, t1585, t1588, t1595, t1595.001, t1595.002, t1595.003, tcp scan, telmex, telmex consigui, telmex y, threat actor, transportation networks, udp scan, unauthorized access attempt, victorruiz, water systems, windows 10, windows 11, xor-url
Activity Timeline
Feb 19
Threat Activity Heatmap
Peak: 2026-02-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 8
First seen: Mar 20, 2025
Last seen: Feb 19, 2026
VirusTotal
Not checked
WHOIS
- description: MD5 of 15ca8d66aa1404edaa176ccd815c57effea7ed2f
- references:
  - https://any.run/cybersecurity-blog/mamona-ransomware-analysis
  - Cyber Threat Advisory - Update 1 DEVMAN Ransomware Targets Windows 10 and 11.pdf
  - https://bazaar.abuse.ch/export/csv/recent/
  - https://x.com/MalGamy12/status/1910072717711155501
  - https://www.virustotal.com/graph/embed/gab31c6f1199f42789080e5ffbaad369b1e6eab7156064e5f97b879797cf6f183?theme=dark
  - https://darfe.es/ciberwiki/index.php?title=Mamona
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 8 threat reports