IOC Radar
SHA1 · Low · Signal 88/100

311d8a3f6ac533829b96760e33eda2df400910b5

Location: Germany
First Seen: Mar 11, 2024 (840d ago)
Last Seen: Feb 13, 2026 (136d ago)
Reports: 4 source reports
Confidence: 88% (low)
VirusTotal detections: 0/75
Found in 4 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
Type: SHA-1 Hash (SHA-1 file hash associated with malicious samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 88%
Signal Score: 88 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 42 techniques

Feed Intelligence Summary

4 source reports · 88% confidence score
Category tags

Activity Timeline

1 total observation (Feb 13)

Threat Activity Heatmap

Weekday (Mon/Wed/Fri) by month (Jun to Jun) grid · Peak: 2026-02-13
Recent observations: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 88 (SIGNAL)
Confidence: 88%
Reports: 4
First seen: Mar 11, 2024
Last seen: Feb 13, 2026

VirusTotal

0 / 75 vendors flagged (0% detection rate, Jun 8, 2026)

WHOIS

Description: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
References:
https://www.healthonecares.com/locations/presbyterian-st-lukes-medical-center/physicians, https://www.hybrid-analysis.com/sample/63bf920be2401947bd686d7dd146af7f3e56800409307360105bf50cebb1c1ea, www2.megawebfind.com [command and control], http://ifdnzact.com/?dn=megawebdeals.com&pid=9PO755G95 [ phishing], 20.99.186.246 [exploit source], https://www.healthonecares.com/locations/presbyterian-st-lukes-medical-center/physicians/ [heuristic], Win32:RATX-gen [Trj] identified., CS Sigma Rules: Shadow Copies Deletion Using Operating Systems Utilities by Florian Roth (Nextron Systems), Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades), CS Sigma Rules: Disable UAC Using Registry by frack113, http://45.159.189.105/bot/regex [ tracking | botnet], https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [Password cracker | Patient being tracked through multiple medical systems], 0-173-x.msn.com | https://twitter.com/PORNO_SEXYBABES | 0-3.duckdns.org | 0-212.pornhub.org | 000web.pornhub.org, https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing], CS Sigma Rules: Wow6432Node CurrentVersion Autorun Keys Modification by Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Remote Access Trojan


IOC Journey

Confidence: low · First detected 2 years ago · Last seen 4 months ago · Appeared in 4 threat reports