IOC Radar
SHA256MediumSignal 45/100

57a250cc272448353cad8e6a54b3d51db7ea6887150899d02e94b2b67afddba7

First Seen
Apr 18, 2026
Last Seen
Apr 18, 2026
Apr 18
First Seen
60d ago
Apr 18
Last Seen
60d ago
2
Reports
source reports
45%
Confidence
medium
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

4 techniques

Feed Intelligence Summary

2 reports45% confidence
2
Source reports
45%
Confidence score
Category tags
aheadbotnet activitydns attackdoctype htmlelitefile-hashglobalgooglebotgooglebot indexhrefhttpsindicatorlayer protocolmetamitre attackmotherlessnetwork infonextoverview zenboxperforms dnsphishingprocesses extraransomwareresearchedrta descriptionscriptt1055t1055 processt1071t1095t1573titletrackerverdictz233

Activity Timeline

1 total obs
Apr 18Apr 18

Threat Activity Heatmap

· Peak: 2026-04-18
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC) represents a critical security alert, identified as a SHA-256 hash with a notable score of 44.98, signaling potential malicious activity within the environment. Its direct association with the 'el dorado' ransomware group, known for its destructive capabilities, underscores the urgency of this finding. Detection of this IOC could indicate the presence of ransomware, threatening immediate data encryption, system downtime, and potential data exfiltration. If left…

Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
2
Reports
First seenApr 18, 2026
Last seenApr 18, 2026

VirusTotal

Not checked

WHOIS

description
"RTA-5042-1996-1400-1577-RTA Motherless.com is a moral free file host where anything legal is hosted forever." disgusting the 'place' who put me in this domain.
references
https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480788&Signature=GKnoamXxZLyFfntMDXBWi2gnSzHRWJJRZPaofPOvzgQF6ygdQKEJpX4eJ2AASUeDQ3L4AO7Os%2FgNOl0CeG5%2FN9aVgljvd3WBiA8ZTwba5tFflRJKWcwOA5l4osDG6BDtNNiE8hqlOPhwMa4lIHfx8LNSu8B%2Fbm0n7Y28iDLdwSs9GCpFCVriebOwI1VNCU3BxzR0lKHa1DH6ijmLa6nxX4TOwNTZ47Os2KLel2k0E0K7sedhXKjWD1rz, https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480900&Signature=juTMRwWs%2FTJqrDMvBJfYmPzSfXx4a%2F31AjChMKGg%2FigOb2ayCytmhgn%2FfGStvobwbbyL9t1dHYxFX0QZz%2F4zM3vebhPQPBm0BElUabRpjfY6q01wMlTu3q5T5uw1sSchvwR7n0H4t%2FnoMPiFRXns84ZWvQeTTNJYKtg5P29B6CE%2BbXfGQ%2FTKhS9ZR8bI09EyLS2y3Ob3boKLMZ4MNvq6nLIHO2373XOpgfJhsBQej6xZ8%2BlIe0T4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 2 threat reports