IOC Radar
SHA256 · Medium · Signal 93/100

16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5

Location: Korea, Democratic People's Republic of
First Seen: Sep 14, 2022
Last Seen: Apr 21, 2026
Found in 7 source reports. Confidence: 93% (medium). Confidence scores are heuristic. Verify before acting on results.
Indicator type: SHA-256 hash (SHA-256 file hash, the primary identifier for malware samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 93%
Signal Score: 93 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 32 techniques

Feed Intelligence Summary

Source reports: 7
Confidence score: 93%
Category tags: abuse, access attempt, active scan, active scanning, actor/lazarus, alienvault_ransomware, android, apt38, apt41, asia, attack, authentication attack, authentication attempts, bad reputation, blackfly, botnet, botnet activity, bronze atlas, bronze huntley, brute force, chain security, chinese, cisco secure, click, close, cloud security, cni, cobalt strike, command & control, command and control, command intent, crash handler, credential access, credential attack, credential stuffing, cyber, data exfiltration, data store exposure, detect-debug-environment, direct-cpu-clock-access, distributed attacks, dll loader, dll sideloading, dragonfly, dragonfly group, dtrack, eduard kovacs, energy, enumeration, europe, exec bypass, exploit probing, exploitation activity, file-hash, fin scan, find, food, fortinet device, fscan, ftp brute force, gaming, group targeted, hacked, havex, hello, http brute force, ics equipment, identity & access exploitation, impact, implant, indicator, indonesia, industrial control systems, injection activity, iocs vsingle, ionut arghire, iot security, korea democratic people's republic of, korplug, ladon, lazarus, legit, light, loader, login attack, lolbins, long-sleeps, lsass, lsass process, magicrat, magicrat c2s, malicious software, malware, malware/magicrat, malware/mimikatz, malware/vsingle, malware/yamabot, media, mobile threat, nbtscan, network activity, network reconnaissance, network scanning, network security, null scan, octopus, oldrea, oleview, operating system, overlay, packerloader, password attack, patch, peexe, peru, plink, plugx, potential intrusion, power grid, powershell, prior, process injection, project, protocol exploitation, psexec, putty, python, quasarrat, ransomware, rat, rats, reconnaissance, redfly, remote access, remote services, removed, researched, rootkit, runtime-modules, russian sandworm, scroll, semiconductor, service, service discovery, service scan, shadowpad c2, shadowpad dll, signed, south america, ssh attack, stuxnet, summer, syn scan, t1018, t1021, t1021.001, t1040, t1046, t1055, t1059, t1069.001, t1071, t1071.001, t1076, t1078, t1082, t1083, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1588, t1595, t1595.001, t1595.002, t1595.003, tcp scan, team, telnet threat, temp, threat, threat actor, threat hunter, threat spotlight, tigerrat, tools, tor node, trochilus rat, trojan, ttps, typhoon, udp port scan, udp scan, ukraine, unauthorized access, united, urls http, vice, vmware, volt typhoon, vsingle, vsingle c2s, vulnerability scan, web attack, webinar, win32 malware, windows, windows malware, winnti, xmas scan, yamabot, yamabot c2s

Activity Timeline

1 total observation (Apr 21)

Threat Activity Heatmap

[Heatmap: observations by weekday across Jun through Jun of the following year; peak: 2026-04-21]

Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 93 / 100 (High Risk). Signal score 93, confidence 93%, 7 reports.
First seen: Sep 14, 2022. Last seen: Apr 21, 2026.

VirusTotal: Not checked

WHOIS

Description: PE32+ executable (console) x86-64, for MS Windows

References:
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks
https://blog.talosintelligence.com/lazarus-three-rats/
September 13th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3232 - Redfly Group Targeted Power Grid in Asia.pdf
September 13th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3232 - Redfly Group Targeted Power Grid in Asia
https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
IOCs - ShadowPad.txt


IOC Journey

Confidence: medium. First detected 3 years ago, last seen 2 months ago. Appeared in 7 threat reports.