IOC Radar
SHA256MediumSignal 98/100

3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858

Location
PeruPeru
First Seen
Oct 11, 2023
Last Seen
May 21, 2026
Oct 11
First Seen
977d ago
May 21
Last Seen
25d ago
10
Reports
source reports
98%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

54 techniques

Feed Intelligence Summary

10 reports98% confidence
10
Source reports
98%
Confidence score
Category tags
abuseacademic institutionsactive scanadvanced threataptapt groupapt41arsenalbackdoorbad reputationbankingbotnetbotnet activitybrute forcebrute ratelc domainsc serversc2 communicationcivil servicescobaltcobalt strikecobalt strike frameworkcoinminercommand & controlcommand and controlconfigconsumer goodscpolarcredential accesscredential stuffingcredit card servicescryptocurrencycustom malwarecustom toolscyber threatdata exfiltrationdata store exposuredatabase securitydefensedetect-debug-environmentdevelops customdirect-cpu-clock-accessdistributed attacksdll sideloadingearth lamiaearthwormeducationeducational resourceseducational serviceseducational technologyexecutable fileexploitationexploitation activityfile-hashfinancefinance and insurancefinancial servicesfinancial technologyfleet managementfreight servicesfscangovernment technologyguest accounthigher educationidentity & access exploitationiis webindicatorinformation technologyinjection activityinjection attacksiot securityit infrastructurejuicypotato exploitk-12 educationkimsukyladonlateral movementlauncherlazaruslong-sleepsmalicious softwaremalwaremalware developmentmaritime transportmulti-industry targetingnation-state activitynetcatnetwork attackspassenger transportationpathpayment processingpeexeperuphishingpotatopotato malwareprintnotifypotatoprivilege escalationprocess injectionpublic administrationpublic infrastructurepublic policypulsepack malwarerail transportransomwareregulatory agenciesremote accessresearchedretail traderunasruntime-modulesshadowsoftware developmentsouth americasql injectionstowaway toolsyrunast1003t1005t1016t1021.001t1021.002t1027t1053t1053.005t1055t1055.001t1057t1059t1059.001t1059.003t1059.004t1059.005t1068t1071t1071.001t1078t1078.003t1105t1133t1136.001t1140t1189t1190t1204t1204.002t1210t1486t1496t1499.002t1499.003t1505.003t1547t1547.001t1555t1565t1566t1566.001t1569.002t1583.001t1583.003t1587.001t1590t1592t1592.001t1592.002t1592.003t1595.001t1595.002t1608.001t1608.002targeted attacktargeting databasetelecommunicationsthreat actortoolstor nodetransportation and warehousingtransportation infrastructuretransportation technologyvshellvshell malwarevulnerability scanwealth managementwebshellwindowswinrarxmrig

Activity Timeline

1 total obs
May 21May 21

Threat Activity Heatmap

· Peak: 2026-05-21
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
98
SIGNAL
Signal Score
98%
Confidence
10
Reports
First seenOct 11, 2023
Last seenMay 21, 2026

VirusTotal

Not checked

WHOIS

description
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
references
https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html, https://asec.ahnlab.com/en/66994/, https://documents.trendmicro.com/assets/txt/earth_lamia_iocs_v2CeWlPie.txt, https://asec.ahnlab.com/en/56236/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 25 days ago
Appeared in 10 threat reports