SHA256MediumSignal 77/100
27c62a041cc3c88df60dfceb50aa5f2217e1ac2ef9e796d7369e9e1be52ebb64
First Seen
Apr 17, 2026
Last Seen
Apr 24, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 reports77% confidence
3
Source reports
77%
Confidence score
Category tags
active scanagentattackbackbad reputationcloudcontactdemodetect-debug-environmentdevtcpipportelfenumerateexecutable fileexploitation activityfile-hashgrephuntindicatoripv4kagentlinuxmalwaremarimonkabusenkn blockchainpostgresqlpythonrebootresearchedreverse shellselectspacesstrongsysdigt1016t1021.004t1027.002t1033t1053t1053.003t1059.004t1059.006t1071.004t1082t1083t1090t1095t1105t1140t1190t1543.001t1543.002t1552.001t1571t1573.002targetupxvulnerability scan
Activity Timeline
Apr 24Apr 24
Threat Activity Heatmap
· Peak: 2026-04-24LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
77
SIGNAL
Signal Score
77%
Confidence
3
Reports
First seenApr 17, 2026
Last seenApr 24, 2026
VirusTotal
Not checked
WHOIS
- description
- ELF 64-bit LSB executable, x86-64, version 1 (SYSV), Go BuildID=I6wKDIyGdLlBggrT9XSr/-zkjYiD76pZXx92TkC5R/AR65mI56owuuW14t1WoX/Vn4cFGg9UhX_5hs7YOoT, statically linked, no section header
- references
- https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface, IOCs.2026.csv, https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface#conclusion
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 months ago · Last seen 2 months ago
Appeared in 3 threat reports