SHA256MediumSignal 95/100
1ca67af90400ee6cbbd42175293274a0f5dc05315096cb2e214e4bfe12ffb71f
Location
SpainFirst Seen
Feb 23, 2026
Last Seen
Jun 2, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
95%
Signal Score
95 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
9 reports95% confidence
9
Source reports
95%
Confidence score
Category tags
abuseabuse_ch_hashactiveactive scanningads renameafricaagricultural supply chainagricultural technologyagriculture, forestry, fishing and huntingalienvault_ransomwareanalysis: reverse engineeringapiaptasiababukbad reputationbotnetbreachbrute forcebusiness servicescanadacastleratchacha20chacha20 noncechatchlg urlcocamancommand and controlcommercial real estatecommunication technologiesconsumer servicescredential accesscredential harvestingcredential stuffingcrimecrop productionctidatadata encryptiondata exfiltrationdistributed attacksdouble extortionegyptelectronic health recordsencryptionenergyenergy distributioneraseeuropeexeextortionfacilities managementfake claude codefarmingfilefile-hashfilesfinance and insurancefinancial servicesfirstfood productionftp brute forceganggermanygrouphealth care and social assistancehealth information technologyhealthcare information systemshospital managementhttp brute forceimpact: data theftindicatorinfostealeringress tool transferiocipv62a03ipv62a12irelanditalyjapanjulienjulien mousquetonkilllateral movementleakleak blogleak siteliftlinuxlinux variantlivestock managementmalmalicious linksmalicious softwaremalwaremalware type: cryptowaremalware type: ransomwaremedical servicesmexicomobile carriersmobile networksmonitormonitoringmutexmutex iocneshtanetwork reconnaissancenetwork scanningnitrogennorth americaoil & gasopenctioperating systemoperation ghostmailother services (except public administration)patient carepayloadpayload ransomwarepayload ransomware grouppeexeperuphilippinesphishingphishing attackplatform: linuxplatform: windowspossible ransomware activitypostpower generationpower systemsprecision agricultureprivilege escalationprocess injectionproperty investmentproperty managementq2 artificialqatarransomransomwareransomware activityratrc4 routinereal estatereal estate developmentreal estate marketreal estate technologyreconnaissanceremote accessremote servicesrenewable energyresearchedresidential real estaterockrssschoolself-deletesingaporesocsocial engineeringsouth americaspainsri lankassh attackstreamstrongsustainable agriculturesystem disruptiont1005t1007t1021t1021.001t1022t1027t1041t1046t1055t1057t1059t1068t1069.001t1070.001t1070.004t1071t1071.001t1074t1076t1078t1083t1105t1106t1110t1110.002t1204.001t1204.002t1480t1486t1489t1490t1496t1497.003t1499.002t1499.003t1518.001t1547t1560t1560.001t1562.001t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1589t1595t1595.001t1595.002t1595.003tcp scantelecom servicestelecommunicationsthirdtor blogtor leaktor negotiationtor networktor nodetrackertraveltrojan malwarettpsttps matrixudp scanunited statesunk_nightowlvictimweb securitywin32 malwarewindows binarywindows malwareyara
Activity Timeline
Jun 2Jun 2
Threat Activity Heatmap
· Peak: 2026-06-02LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
95
SIGNAL
Signal Score
95%
Confidence
9
Reports
First seenFeb 23, 2026
Last seenJun 2, 2026
VirusTotal
Not checked
WHOIS
- description
- A guide to the Infostealer ransomware group, which was discovered in 2026 and claimed 12 victims in seven countries within hours, has been published by the BBC's Newsround website.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 11 days ago
Appeared in 9 threat reports