IOC Radar
SHA1 · High · Verified · Signal 54/100

3cfc95ebff0ce7dd7301eecc34bb84ee23beede8

Location: Canada
First Seen: Jul 26, 2022 (1420d ago)
Last Seen: Apr 23, 2026 (53d ago)
Reports: 5 source reports
Confidence: 54% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

5 source reports · 54% confidence score
Category tags

Activity Timeline

1 total observation (Apr 23)

Threat Activity Heatmap

[Heatmap: weekday rows (Mon/Wed/Fri) by month (Jun through Jun); peak activity 2026-04-23]

Observation windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54 / 100
Confidence: 54%
Reports: 5
First seen: Jul 26, 2022
Last seen: Apr 23, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
data
references

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 3 years ago · Last seen 1 month ago
Appeared in 5 threat reports