SHA256MediumSignal 94/100
2e5a56beb63f21d9347310412ae6efb29fd3db2d3a3fc0798865a29a3c578d35
Location
First Seen
Mar 18, 2026
Last Seen
Jun 23, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports94% confidence
8
Source reports
94%
Confidence score
Category tags
abuseabuse_ch_hashalienvault_ransomwareaptasiabad reputationbodybotnetbotnet activitybrute forcec2 servercastleratchlg urlcivil servicescodecode executioncode injectioncommand & controlcommand and controlcommand executioncommercial surveillancecontactcorunacredential harvestingcredential stuffingdarksworddata encryptiondata exfiltrationdata store exposuredistributed attackselectronic health recordsemailencryptioneuropeeurope/asiaexecutable fileexploitexploit chainexploitation activityextortionfake claude codefigurefile-hashghostbladeghostknifeghostsabergovernment technologygtighealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationidleiframeindicatoringress tool transferinjection activityiosjslifeloaderlong-sleepslookmalaysiamalicious linksmalicious softwaremalwaremalware family: ghostblademalware family: ghostknifemalware family: ghostsabermedical servicesmetametadata analysismobile securitymobile threatnation-state activitynextoperation ghostmailpars defensepatchedpatient carephishingphishing attackprocess injectionpublic administrationpublic infrastructurepublic policyransomwareratregulatory agenciesresearchedsaudi arabiascams & fraudsmica83social engineeringsocial media securitysourcestate-sponsoredstrongsystem disruptiont1005t1027t1027.002t1033t1036t1041t1047t1055t1056.001t1057t1059t1059.007t1068t1071t1071.001t1083t1095t1105t1113t1120t1123t1176t1189t1190t1203t1204.001t1210t1213t1486t1490t1496t1499.002t1499.003t1547t1562.004t1565t1566t1566.001t1566.002t1566.003t1566.004t1588.006threat actortitletor nodetrojan malwareturkeyukraineunc6353unc6748unk_nightowlvulnerability scanwatering holeweb exploitationweb securityzero-day exploitationzero-day vulnerability
Activity Timeline
Jun 23Jun 23
Threat Activity Heatmap
· Peak: 2026-06-23LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
94
SIGNAL
Signal Score
94%
Confidence
8
Reports
First seenMar 18, 2026
Last seenJun 23, 2026
VirusTotal
Not checked
WHOIS
- description
- ASCII text
- references
- https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain, https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/, IOCs.2026.4.csv
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 9 days ago
Appeared in 8 threat reports