IOC Radar
MD5 · Medium · Signal 30/100

3ec20285d88906336bd4119a74d977a0

First Seen: Feb 27, 2025 (480d ago)
Last Seen: Feb 20, 2026 (122d ago)
Reports: 3 source reports
Confidence: 30% (medium)
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 30%
Signal Score: 30 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 63 techniques

Feed Intelligence Summary

3 source reports · 30% confidence score
Category tags: active scanning, apac, apac region, appdata, apt, asia-pacific, automotive manufacturing, botnet, building construction, cdn exploitation, civil services, cloud service abuse, code execution, code injection, command and control, command execution, communication technologies, construction materials, construction safety, construction technology, credential access, credential harvesting, crypto cyber, cyber threat, data exfiltration, data theft, defence, directory, distributed attacks, dll sideloading, electronic health records, electronics manufacturing, energy, energy distribution, exfiltration, fatalrat, file-hash, gh0st, gh0st rat, government technology, group policy, group policy injection, hashes, health care and social assistance, health information technology, healthcare information systems, hospital management, ics, indicator, industrial automation, industrial control systems, industrial iot, industrial organizations, industrial production, information technology, infrastructure acquisitionreconnaissance, initial access, it infrastructure, kaspersky ics, lateral movement, malicious software, malware, manufacturing technology, medical services, mobile, mobile carriers, mobile networks, mobile security, monitoring, moudoor, mydoor, network probing, network reconnaissance, next, nspack, oil & gas, operation salmonslalom, patient care, persistent access, phishing attack, power generation, power systems, process injection, process manufacturing, public administration, public infrastructure, public policy, quality control, rats, reconnaissance, regulatory agencies, remote access, remote access trojan, renewable energy, researched, sandbox, scada, simay, simayrat, social engineering, software development, supply chain attack, supply chain management, t1003, t1012, t1016, t1021, t1027, t1033, t1036, t1046, t1047, t1053, t1053.005, t1055, t1056, t1056.001, t1057, t1059, t1059.001, t1064, t1068, t1070.001, t1071, t1071.001, t1078, t1082, t1083, t1102, t1105, t1112, t1132, t1135, t1136, t1140, t1190, t1195, t1202, t1204, t1218, t1486, t1496, t1499.002, t1499.003, t1518, t1530, t1543.003, t1547, t1548, t1553, t1555, t1564, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1574.002, t1587.001, t1588, t1590.001, t1595.001, t1595.002, t1595.003, t1598, telecom services, telecommunications, time, ttps, turn, urls, youdao cloud, youdao cloud notes, zegost

Activity Timeline

1 total obs (Feb 20)

Threat Activity Heatmap

Peak: 2026-02-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 30 (Low Risk)

VirusTotal: Not checked

Description: A new malware campaign targeting industrial organizations in Asia-Pacific, named Operation SalmonSlalom, has been identified.
References: https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 3 threat reports