IOC Radar
SHA1 · Medium · Signal 99/100

4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6

Location: Peru
First Seen: Jan 24, 2026 (147d ago)
Last Seen: May 29, 2026 (23d ago)
Reports: 9 source reports
Confidence: 99% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

85 techniques

Feed Intelligence Summary

Source reports: 9
Confidence score: 99%

Activity Timeline

1 total obs (May 29)

Threat Activity Heatmap

Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 9
First seen: Jan 24, 2026
Last seen: May 29, 2026

VirusTotal

Not checked

References

https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025
IOCs.2026.2.csv
https://x.com/skocherhan/status/2024666788496122021
https://x.com/skocherhan/status/2024667465804837163
https://x.com/skocherhan/status/2024671209221132614
https://x.com/skocherhan/status/2024682042286289319
https://x.com/skocherhan/status/2024695835380916514
https://x.com/skocherhan/status/2024726925449597293
https://x.com/skocherhan/status/2024728035962810766
https://x.com/skocherhan/status/2024744194091184380
https://x.com/skocherhan/status/2024754886177333482
https://x.com/skocherhan/status/2024756075774238900
https://x.com/skocherhan/status/2024758460303180041
https://x.com/skocherhan/status/2024759097191452672
https://x.com/skocherhan/status/2024761922193633460
https://x.com/skocherhan/status/2024762029072908710
https://x.com/skocherhan/status/2024770367336673502
https://x.com/skocherhan/status/2024774467969221108
https://x.com/skocherhan/status/2024777427541487862
https://x.com/skocherhan/status/2024781731329450103
https://x.com/skocherhan/status/2024782744614494569
https://x.com/skocherhan/status/2024805213249413191
https://x.com/skocherhan/status/2024840605134709054
https://x.com/skocherhan/status/2024935967514116324
https://x.com/skocherhan/status/2024968341635436722
https://x.com/skocherhan/status/2024984133210976583
IOCs.csv
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/#iocs
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/
https://t0asts.com/dynowiper
https://ltna.com.au/cyber
https://www.bleepingcomputer.com/news/security/sandworm-hackers-linked-to-failed-wiper-attack-on-polands-energy-systems/
https://www.gov.pl/web/primeminister/poland-stops-cyberattacks-on-energy-infrastructure/

IOC Journey

medium
First detected 4 months ago · Last seen 23 days ago
Appeared in 9 threat reports