IOC Radar
SHA256MediumSignal 94/100

2e5a56beb63f21d9347310412ae6efb29fd3db2d3a3fc0798865a29a3c578d35

Location
UkraineUkraine
First Seen
Mar 18, 2026
Last Seen
Jun 23, 2026
Mar 18
First Seen
105d ago
Jun 23
Last Seen
9d ago
8
Reports
source reports
94%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Feed Intelligence Summary

8 reports94% confidence
8
Source reports
94%
Confidence score
Category tags
abuseabuse_ch_hashalienvault_ransomwareaptasiabad reputationbodybotnetbotnet activitybrute forcec2 servercastleratchlg urlcivil servicescodecode executioncode injectioncommand & controlcommand and controlcommand executioncommercial surveillancecontactcorunacredential harvestingcredential stuffingdarksworddata encryptiondata exfiltrationdata store exposuredistributed attackselectronic health recordsemailencryptioneuropeeurope/asiaexecutable fileexploitexploit chainexploitation activityextortionfake claude codefigurefile-hashghostbladeghostknifeghostsabergovernment technologygtighealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationidleiframeindicatoringress tool transferinjection activityiosjslifeloaderlong-sleepslookmalaysiamalicious linksmalicious softwaremalwaremalware family: ghostblademalware family: ghostknifemalware family: ghostsabermedical servicesmetametadata analysismobile securitymobile threatnation-state activitynextoperation ghostmailpars defensepatchedpatient carephishingphishing attackprocess injectionpublic administrationpublic infrastructurepublic policyransomwareratregulatory agenciesresearchedsaudi arabiascams & fraudsmica83social engineeringsocial media securitysourcestate-sponsoredstrongsystem disruptiont1005t1027t1027.002t1033t1036t1041t1047t1055t1056.001t1057t1059t1059.007t1068t1071t1071.001t1083t1095t1105t1113t1120t1123t1176t1189t1190t1203t1204.001t1210t1213t1486t1490t1496t1499.002t1499.003t1547t1562.004t1565t1566t1566.001t1566.002t1566.003t1566.004t1588.006threat actortitletor nodetrojan malwareturkeyukraineunc6353unc6748unk_nightowlvulnerability scanwatering holeweb exploitationweb securityzero-day exploitationzero-day vulnerability

Activity Timeline

1 total obs
Jun 23Jun 23

Threat Activity Heatmap

· Peak: 2026-06-23
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
94
SIGNAL
Signal Score
94%
Confidence
8
Reports
First seenMar 18, 2026
Last seenJun 23, 2026

VirusTotal

Not checked

WHOIS

description
ASCII text
references
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain, https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/, IOCs.2026.4.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 months ago · Last seen 9 days ago
Appeared in 8 threat reports