IOC Radar
SHA1MediumSignal 96/100

4a5852e9f9e20b243d8430b229e41b92949e4d69

Location
ThailandThailand
First Seen
Jul 18, 2025
Last Seen
May 6, 2026
Jul 18
First Seen
347d ago
May 6
Last Seen
55d ago
6
Reports
source reports
96%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

74 techniques

Feed Intelligence Summary

6 reports96% confidence
6
Source reports
96%
Confidence score
Category tags
abuseaccess controlactive scanninganti-recoveryasiaaustraliaauthenticationauthentication attackautomated responseautomotive manufacturingbankingbelowblocking actionbotnetbrute forcebrute force attackbrute force attemptsbuilding constructionchacha20chacha20 streamcode executioncode injectioncommand and controlcommand executioncommunication protocolconstruction materialsconstruction safetyconstruction technologycredential accesscredential harvestingcredential stuffingcredit card servicescticyber extortiondata breachdata encryptiondata exfiltrationdata leakdata leak threatdata leakagedata theftdemodenial of servicedire wolfdirewolfdistributed attacksdouble extortionelectronics manufacturingencryptionenumerationeuropeexchange exploitationexfiltrationextortionfile-hashfilterfinancefinancial servicesfinancial technologyftpftp brute forceglobalglobal impactglobal targetinggolanghashhttp brute forcehttp scannerhttpsimpactindicatorindustrial automationindustrial iotindustrial productioninformation technologyinitial accessinput validation bypassintrusion detectioniocit infrastructureitalylateral movementloginmalicious softwaremalwaremanufacturing technologymd5mssqlmssql exploitationmulti-country attackmutexnetwork attacksnetwork probenetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynorth americaoceaniaoperating systempassword attackspath traversalpayment demandpayment processingphishing attackpossible botnet activitypotential unauthorized accessprivilege escalationprocess injectionprocess manufacturingprotocol exploitationquality controlransom demandsransom noteransomwarereconnaissanceremote accessremote servicesreputation-based blockingresearchedscannersecurity operationssecurity policyself-deletionservicesitesocial engineeringsoftware developmentssh attackstrongsupply chain managementsupply chain vulnerabilitysystem disruptiont1003t1016t1018t1021t1021.001t1027t1040t1041t1046t1047t1053t1055t1059t1059.003t1059.004t1059.005t1068t1069.001t1070t1070.001t1071t1071.001t1076t1078t1082t1083t1087t1105t1106t1110t1110.001t1110.002t1110.003t1110.004t1112t1189t1190t1195t1195.002t1204t1218t1485t1486t1489t1490t1491t1496t1499.001t1499.002t1499.003t1530t1543t1552t1555t1560t1561t1562t1562.001t1562.002t1563t1564t1564.001t1565t1566t1566.001t1566.002t1566.003t1567t1573t1574t1595t1595.001t1595.002t1595.003taiwantcp protocoltelnet threatthailandthreat intelligencethreat preventiontorsiontox messengertrustwave reportunauthorized access attemptunitedunited statesveeamveeam exploitationwealth managementweb application exploitationweb trafficworker poolxworm

Activity Timeline

1 total obs
May 6May 6

Threat Activity Heatmap

· Peak: 2026-05-06
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
96
SIGNAL
Signal Score
96%
Confidence
6
Reports
First seenJul 18, 2025
Last seenMay 6, 2026

VirusTotal

Not checked

WHOIS

references
https://asec.ahnlab.com/en/89944, https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dire-wolf-strikes-new-ransomware-group-targeting-global-sectors, week1.pdf, https://asec.ahnlab.com/en/89944/, https://asec.ahnlab.com/ko/89938/, https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dire-wolf-strikes-new-ransomware-group-targeting-global-sectors/, https://x.com/skocherhan/status/1937332660940271897, https://x.com/skocherhan/status/1937334021119443235, https://x.com/skocherhan/status/1937336037878947870, https://x.com/skocherhan/status/1937338392112693370, https://x.com/skocherhan/status/1937346633194418286, https://x.com/skocherhan/status/1937350008308924602, https://x.com/skocherhan/status/1937352321572479087, https://x.com/skocherhan/status/1937384915945029636, https://x.com/skocherhan/status/1937398671261257796, https://x.com/skocherhan/status/1937406171410846180, https://x.com/skocherhan/status/1937569601434317066, https://x.com/PaduckLee/status/1937104348154327235

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 1 month ago
Appeared in 6 threat reports