SHA-256 indicator · confidence: medium · signal 100/100
330d36e248881a0a24a7d0612f3ac9a5a24cc960b36c2fe9ba0d63941b12fc18
First seen: Nov 15, 2024
Last seen: Aug 24, 2025
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Indicator type: SHA-256 file hash (primary identifier for malware samples)
MISP category: Artifacts Dropped
Hash algorithm: SHA256
Confidence: 99%
Signal score: 100 / 100
IDS rule: No
Feed Intelligence Summary
Source reports: 7
Confidence score: 99%
Category tags: aerospace & defense, apt, attack, backdoor, big game hunting, big-game hunting, body, botnet, button, cactus, civil services, close, cobaltstrike, code execution, code injection, command and control, command execution, contact, credential harvesting, data access, data copying, data encryption, data exfiltration, data extortion, data leak, data leak site, data transfer, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, distributed attacks, dll side-loading, dll sideloading, double extortion, europe, extortion, file, file-hash, find, footer, form, gamaredon, gamaredon apt, germany, github, government technology, gthost, gthost isp, hyperhosting isp, indicator, ingress tool transfer, initial access, input validation bypass, interlock, iocs, link, lnk, lnk abuse, lnk file attack, lnk files, long-command-line-arguments, long-sleeps, main, malicious activity, malicious download, malicious powershell activity, malicious software, malware, malware distribution, metadata analysis, metasploit, military operations, national security, network iocs, open, operating system, path traversal, phishing, phishing attack, phishing campaign, powershell download, powershell downloader, process injection, public administration, public infrastructure, public policy, ransomware, regulatory agencies, reload, remcos trojan, remote access, remote access trojan, remote services, researched, russian federation, russian threat actor, script, scripting attacks, small, social engineering, social media security, span, spearphishing, star, susp, system disruption, t1005, t1021.001, t1027, t1027.002, t1030, t1041, t1047, t1053, t1053.005, t1055, t1055.001, t1059, t1059.001, t1059.003, t1059.005, t1069.001, t1071.001, t1078, t1078.001, t1083, t1086, t1105, t1133, t1140, t1189, t1190, t1193, t1195, t1195.002, t1202, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.002, t1499.003, t1547, t1547.001, t1547_009, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, tetraloader, threat actor, trojan malware, ukraine, ukraine targeting, url-pattern, web application exploitation, worldwide secrets blog, write
Activity: peak on 2025-08-24; dormant since (0 reports in the last 24h, 7d, 30d and 3 months).
Threat score: 100 (High Risk)
VirusTotal: not checked
- description: MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 29 14:52:48 2024, mtime=Wed Oct 9 20:25:36 2024, atime=Thu Aug 29 14:52:48 2024, length=455680, window=hide
- references: https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/, uat-5918.txt, online-marketplace-scams.txt, new-tornet-backdoor-campaign.txt, pathwiper (1).txt, pathwiper.txt, uat-6382.txt, iocs_gamaredon_remcos.txt, toymaker.txt, new-persistent-attacks-japan.txt, lotus-blossom-espionage-group.txt, https://bazaar.abuse.ch/export/csv/recent/