IOC Radar
SHA256 · Medium confidence · Signal 100/100

330d36e248881a0a24a7d0612f3ac9a5a24cc960b36c2fe9ba0d63941b12fc18

Location: Ukraine
First seen: Nov 15, 2024
Last seen: Aug 24, 2025
Reports: 7 source reports
Confidence: 99% (medium)
Found in 7 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
SHA-256 Hash: SHA-256 file hash, the primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 46 techniques

Feed Intelligence Summary

7 source reports · 99% confidence score

Activity Timeline

1 total observation (Aug 24)
Threat Activity Heatmap · Peak: 2025-08-24
Recent activity: 24h: 0 (dormant) · 7d: 0 (dormant) · 30d: 0 (dormant) · 3mo: 0 (dormant)
Threat Score: 100 (High Risk)

VirusTotal: Not checked

WHOIS

Description: MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 29 14:52:48 2024, mtime=Wed Oct 9 20:25:36 2024, atime=Thu Aug 29 14:52:48 2024, length=455680, window=hide
References: https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/, uat-5918.txt, online-marketplace-scams.txt, new-tornet-backdoor-campaign.txt, pathwiper (1).txt, pathwiper.txt, uat-6382.txt, iocs_gamaredon_remcos.txt, toymaker.txt, new-persistent-attacks-japan.txt, lotus-blossom-espionage-group.txt, https://bazaar.abuse.ch/export/csv/recent/

IOC Journey

Confidence: medium. First detected 1 year ago; last seen 10 months ago. Appeared in 7 threat reports.