SHA256 · Medium · Signal 87/100
329d721aabb8fc108486f7cae321528ddb1e754022b594d2440fe1a9b0a5b2dd
First seen: Jun 12, 2025
Last seen: May 6, 2026
Found in 4 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: SHA-256 file hash (primary identifier for malware samples)
MISP category: Artifacts Dropped
Hash algorithm: SHA256
Confidence: 87%
Signal score: 87 / 100
IDS rule: No
Threat context:
Tags: none listed
MITRE ATT&CK TTPs: none listed
Feed intelligence summary: 4 source reports, 87% confidence score
Category tags
.cc domainaaaaabuseacceptaccount compromiseaccount discoveryaccount manipulationaccount profilingaccount takeoveractiveactive scanactive scanningaddressaddress rangeadvanced persistent threatalertsallocation typeamazonamazon s3amazons3 tlsamerica flaganalysis dateanalysis ob0001analysis ob0002arrayasciiascii textasiaav detectionsbackdoorbackdoor:linux/demonbotbad reputationblack bastablack-bastabodybotnetbotnet activitybrowse tobrute forcebuiltcatalog treeccbasecdncdn amazoncertificate analysischina unknownchromecidrcivilcivil servicescivilian targetingcjutxgck idclickclick-based attackcloud infrastructurecloudfrontcnamecnmicrosoft ecccodecode executioncode injectioncommandcommand and controlcommand decodecommand executioncommunication protocolcommunication technologiescompromised routercompromised servercontentcontrol ta0011controls learncookiecopycountry namecovacova cryptbotcps httpscrashcreation datecredential accesscredential harvestingcredential stuffingcrowdsourced informationcryptbotcus subjectdap domaindatadata accessdata copyingdata deletiondata encryptiondata exfiltrationdata oc0004data store exposuredata transferdatabddosddos attacksdefense evasiondeletedelphidenial of servicedetect-debug-environmentdigital culturedigital pressdisabledistributed attacksdnsdns attackdomaindropdrop ordynamicloaderedgeelectronic health recordselementemailsencryptionenterenter sourceentity amazon4entrieserrorerror httpsevasion attevasion ta0005exchange metaexecutable fileexpirationexploitation activityextortionextractfile-hashfilesfiles ipfiles locationfirmware modificationflag unitedfollow bot activityformfoundfound titlegapd5dgeckogeneric pongget httpget httpsglobalgoogle taggovernment technologygroupgtmkvjvztk dlhackerhandlehead bodyhealth care and social assistancehealth information technologyhealthcare information systemshighhospital managementhostilehostnamehostname addhostname enumerationhtml documenthtml internethttphttp attackhttp scannerhttpshybridicmpidentity & 
access exploitationids detectionsiframe tagsimpact ta0040indicatorinformation gatheringinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinjection activityinput validation bypassinternal serverinternet of thingsiocsiosios malwareiot botnetiot securityiot/ics attackipv4ipv4 addit infrastructurejsonkey0khtmllearnlegal abuselinuxlinux malwarelocallookmalicious linksmalicious softwaremalwaremass surveillancemedical servicesmediummedium riskmetametadata analysismiraimirai attmirai botnetmitre attmobilemobile carriersmobile networksmobile securitymobile threatmodify toolsmovedmsiemutexes nothingname tacticsnation-state activitynetwork namenetwork probingnetwork scanningnextnext associatednext httpno expirationnorth americanothingnumberob0007 impactob0012 fileomicrosoft copen threatopeniocopenurl coperating systemoverlaypackerpacking t1045passive dnspassive dns analysispathpath traversalpatient carepattern matchpcappdf reportpeexepegasuspegasus projectperuphishingphishing attackpoliceportpost httpspresent augpresent febpresent julpresent junpresent marpresent novpresent octpresent sepprivacy violationprocess injectionprocess oc0003public administrationpublic infrastructurepublic policypulse pulsespulse showpulse submitpulses urlransomransomwarerdapreadread creconnaissancerecord valuerefreshregulatory agenciesrelated nidsrelated pulsesremote accessremote access trojanremote servicesreporting archrequestresearchedresolved ipsresolverrorrestartreverse dnsreview iocsrgbarich contentrole titlescans showscript tagssearchsecurity operationsselect fileserverserver caserver responseshowshowingsigning defensesingaporesingapore asnsizesmssms exploitsnisocial engineeringsocial media attacksocial media manipulationsocial media securitysoftware developmentsoftware exploitationsouth americaspanspawnsssl certificatestarfieldstate-promovedstate-sponsoredstealerstixstringsstwa lredmondsubvert trustsuricata ipv4surveillance 
technologysystemsystem disruptionsystem oc0001t1003t1004t1005t1016t1020t1021t1021.001t1021.006t1027t1030t1036t1037t1041t1045t1053t1055t1056t1057t1059t1059.005t1060t1064t1068t1069t1069.001t1070t1071t1071.001t1071.004t1078t1081t1082t1087t1105t1110t1112t1113t1119t1129t1133t1140t1156t1187t1189t1190t1199t1203t1204t1204.001t1204.002t1205t1210t1211t1212t1480t1480 executiont1485t1486t1490t1491t1495t1496t1497t1499t1499.002t1499.003t1505t1518t1529t1530t1539t1543t1546t1552t1553t1553 techniquet1555t1556t1562t1562 techniquet1564t1564.001t1564.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1583.001t1583.005t1583.006t1584t1585t1586t1587t1587.001t1588t1588.002t1589t1589.001t1589.002t1590t1590.001t1591t1592t1592.004t1593t1594t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666ta0004 defenseta0009 commandtag managertags twittertargeted spyware campaigntargeted-attackstelecom servicestelecommunicationstext dragthreat actorthreat intelligencetitletlstoolstop destinationtop sourcetor nodetotaltrojantrojan malwaretrojandroppertwittertype indicatorunicode textuniqueunitedunited statesunknown cnameunknown nsupdate secureurlsurls serverurls showuser agentuser executionutc googlev3 serialverdictverifyvulnerability scanwarehouse mgmtweb application attackweb application exploitationweb securityweb trafficwhois informationwhois serverwin32 malwarewindirwindowswindows malwarewindows ntwormwritex509v3 subjectyara detectionsyara rulezero click exploitzero-day exploit
Activity timeline (sightings by window; peak 2026-05-06):
24h: 0 (dormant)
7d: 0 (dormant)
30d: 0 (dormant)
3mo: 1 (minimal)
VirusTotal: not checked
Description: PE32 executable (GUI) Intel 80386, for MS Windows
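A SHA-256 indicator is an exact-match artifact: it identifies one specific byte sequence, so a recompiled or padded variant of the same malware will not match. The description line above also tells a responder what the sample should look like on disk (a 32-bit Windows GUI executable). The following block, added here as an illustration and not part of the feed or the original page, checks a candidate file in three ways: compares its SHA-256 to the listed indicator, parses the PE headers to confirm the "PE32 executable (GUI) Intel 80386" description, and emits the STIX 2.1 pattern a practitioner would put in a detection. The minimal PE image it builds is constructed for the example and is not the real sample; the machine, magic and subsystem constants are from the PE/COFF specification; the STIX indicator id is derived deterministically with a hypothetical UUID5 namespace so the output is reproducible.

```python
"""Validate a candidate file against the SHA-256 indicator listed on this page.

Added example, not the feed's own tooling. The PE bytes produced by
build_minimal_pe() are constructed for the demo and are not the sample.
"""
import hashlib
import struct
import uuid
from typing import Optional

# The indicator as listed on the page.
INDICATOR_SHA256 = "329d721aabb8fc108486f7cae321528ddb1e754022b594d2440fe1a9b0a5b2dd"

# Values from the PE/COFF specification.
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B        # optional-header magic for PE32; 0x20B is PE32+
SUBSYSTEM_WINDOWS_GUI = 2
SUBSYSTEM_WINDOWS_CUI = 3

# Hypothetical namespace used only to make indicator ids reproducible here.
_ID_NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_indicator(data: bytes, indicator: str = INDICATOR_SHA256) -> bool:
    """Exact match; normalise case so upper-case hex from another feed still matches."""
    return sha256_hex(data) == indicator.strip().lower()


def describe_pe(data: bytes) -> Optional[str]:
    """Return a file(1)-style description such as
    'PE32 executable (GUI) Intel 80386, for MS Windows', or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)           # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or opt + 70 > len(data):
        return None
    (magic,) = struct.unpack_from("<H", data, opt)               # optional header Magic
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)      # Subsystem, same offset for PE32/PE32+
    fmt = {PE32_MAGIC: "PE32", 0x20B: "PE32+"}.get(magic, f"PE magic 0x{magic:x}")
    sub = {SUBSYSTEM_WINDOWS_GUI: "GUI", SUBSYSTEM_WINDOWS_CUI: "console"}.get(
        subsystem, f"subsystem {subsystem}")
    arch = {MACHINE_I386: "Intel 80386", MACHINE_AMD64: "x86-64"}.get(
        machine, f"machine 0x{machine:x}")
    return f"{fmt} executable ({sub}) {arch}, for MS Windows"


def stix_pattern(sha256: str) -> str:
    """STIX 2.1 comparison expression for a file hash."""
    return f"[file:hashes.'SHA-256' = '{sha256.strip().lower()}']"


def stix_indicator(sha256: str, valid_from: str) -> dict:
    """Minimal STIX 2.1 Indicator object for the hash (id derived from the hash)."""
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(_ID_NAMESPACE, sha256.lower())}",
        "pattern": stix_pattern(sha256),
        "pattern_type": "stix",
        "valid_from": valid_from,
    }


def build_minimal_pe(machine: int = MACHINE_I386, magic: int = PE32_MAGIC,
                     subsystem: int = SUBSYSTEM_WINDOWS_GUI) -> bytes:
    """Constructed header-only PE image (not executable) for exercising describe_pe()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Optional header: Magic at 0, Subsystem at 68, padded to the PE32 size of 96 bytes.
    opt = struct.pack("<H", magic) + b"\0" * 66 + struct.pack("<H", subsystem) + b"\0" * 26
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    sample = build_minimal_pe()
    print(describe_pe(sample))
    print("matches listed indicator:", matches_indicator(sample))
    print(stix_indicator(INDICATOR_SHA256, "2025-06-12T00:00:00Z"))
```

Use the PE check as a sanity filter, not as detection: a file whose hash matches is the sample regardless of its headers, and a file with matching headers but a different hash is at best a candidate for further analysis (YARA, sandboxing, a VirusTotal lookup, which this page records as not yet done).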
IOC journey: confidence medium; first detected 1 year ago (Jun 12, 2025), last seen 1 month ago (May 6, 2026); appeared in 4 threat reports.