SHA256MediumSignal 92/100
2927bc31b4f8254c6b332fc03110a6373cad00ffa2ff9de427c26bb222017bb2
Location
First Seen
May 28, 2026
Last Seen
Jun 15, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports92% confidence
4
Source reports
92%
Confidence score
Category tags
arctic wolfchromechromestealerdetect-debug-environmentekz infostealerendpoint exploitationexploitation activityfile-hashfirefoxforticlient emsfortinetgenerichttphttp postindicatorinfostealeripv62a03ipv62a12linuxlong-sleepsnoteopencti_label forticlientopencti_label forticlient emsosintpedllperupowershellremote accessresearchedsouth americat1003t1012t1027t1041t1055t1055.012t1057t1059t1070t1070.004t1083t1140t1190t1497t1497.003t1555t1555.003vpn configuration abusevulnerability scanwindowswolf
Activity Timeline
Jun 15Jun 15
Threat Activity Heatmap
· Peak: 2026-06-15LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
4
Reports
First seenMay 28, 2026
Last seenJun 15, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
- references
- https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch, https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 month ago · Last seen 18 days ago
Appeared in 4 threat reports