IOC Radar
SHA256MediumSignal 91/100

41ce94052842475bbc83ab46d3992aca55ca080e2103772f344f0847fcc79f83

Location
SpainSpain
First Seen
May 2, 2026
Last Seen
May 8, 2026
May 2
First Seen
42d ago
May 8
Last Seen
36d ago
2
Reports
source reports
91%
Confidence
medium
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

40 techniques

Feed Intelligence Summary

2 reports91% confidence
2
Source reports
91%
Confidence score
Category tags
.ruactiveactive relatedactive scanall reportantonio apraquirearevalo antonioascii textbackbannock stbatbotnetbotnet activitybotsbrute forceccdkccus asnas749ck idsclickcode pagecorreocourtscriminal attackcvecyberdays agodefense evasiondenmarkdenver countydisplaynamednsdns attackdocument filedougcodynamicloaderemotetencryptionenglerterickaeuropeexecutable fileexploitation activityf-hfastly dnsfile-hashfound pornstarsgh0strathackingheader observedhighhistoryhostilehostile httphua mucatulids detectionsinccindicatorinjectioninjection activityiocipv4jsonlawlittle endianlocallogin joinlogmeinlogmein rescuelowercase hostmalwaremediummockmonitored targetms windowsmsi installernextnorth americanoticenow ooopsnt findnumberobjectionotx logooverruledpackerpackingpagosa springsparedespasswordpatriot actpeexeperupornhubportprograms pornpulses hostnamequeryransomwareratremotereport spamrequestresearchedreview loscarsecurity aprsecurityvaleriasnake keyloggersouth americaspainspamstreamsweett1010t1012t1027t1036t1045t1047t1053t1055t1057t1059t1060t1063t1064t1069t1071t1071.001t1071.004t1082t1083t1105t1112t1119t1129t1143t1207t1480t1497t1518t1553t1553.001t1553.002t1562t1568t1568.002t1571t1573t1574t1583t1588.001t1608.001taskjobthe pagethey knowthreat actorthreat actorstitletls snitor nodetrojantrojandroppertsara brashearstulachunitedunited kingdomunited statesv2 documentvaleriavaleria paredesversionvideos moviesvulnerability scanwe cawindowswritewrite cxy ampyahooyara detectionsyour witness

Activity Timeline

1 total obs
May 8May 8

Threat Activity Heatmap

· Peak: 2026-05-08
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
91
SIGNAL
Signal Score
91%
Confidence
2
Reports
First seenMay 2, 2026
Last seenMay 8, 2026

VirusTotal

Not checked

WHOIS

description
Active cyber issues continue to affect Colorado Judicial, Government and Hospital systems. What’s true: Targeting, Hacking , Rogue Domain Controller. Bad actors regularly ride outdated , poorly managed networks. Tipped: Monitored Targets past irregular mail issues. URLs that redirects to Colorado Justice system., included in a letter that was sent to an undeliverable address. Mail sent again, recipient believes the contents of letters does not appear authentic. Tipped: RE: Monitored Target. Unfavorable, Unjust conditions in Denver , Colorado USA. As recent as 4/2026. Other pulses related to this matter suggests a Pegasus relationship. Will need to analyze.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 2 threat reports