IOC Radar
SHA256MediumSignal 88/100

58fe059d4374876f106135adb00f30b71ec9574e2ae523cacb7e00bc24b279c2

Location
United StatesUnited States
First Seen
Apr 17, 2026
Last Seen
Apr 23, 2026
Apr 17
First Seen
77d ago
Apr 23
Last Seen
71d ago
3
Reports
source reports
88%
Confidence
medium
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
88%
Signal Score
88 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

10 techniques

Feed Intelligence Summary

3 reports88% confidence
3
Source reports
88%
Confidence score
Category tags
abuse contactactive scanafricaagentalexaalexa topall searchalpine objectapeaksoft iosapi blogapple phoneapple privateartemisasiaattackauthor avatarautoitautopayav detectionawfulazorultb imagebackbad reputationbad trafficbankbankerbazaloaderbeach researchbinderblacklist httpsblacknet ratblockerbotnet activitybrute forcecisco umbrellacleanerclosecobalt strikecodecoinminercommand and controlconcerning linkcookiescopycorruptcovid19covid19 scamcreation datecryptocurrencycyber criminalcyber threatdata collectiondata store exposuredbatloaderdefault browserdescription siddetection listdga domaindns attackdnssecdocs pricingdownldrdownloaderdrivedroppereasyedgesf1edgev1el9kmemailemotetencryptionengineeringet infoevent categoryexecutable fileexitexploitexploit sourceexploitation activityfacebook urlfailurefilefile-hashfindfirewall syncfirstfoodframeframe c0bcfreefusioncoregalaxygasgenericgeneric malwareget fwlinkget h2guest systemhackersheurhigh levelhistorical otxhistorical sslhome internethttphttp trafficidentity & access exploitationiframeindicatorinfo apiinfostealerinstagram urliratajapankeyloggerlimitlinkcode u002dloginlogomalicious sitemalicious urlmalwaremalware servicemalware sitemediametrometro storemillionmillion alexamls seasonmobile threatmon marmonitoringneworder.docnode tcpnorth americaonline sunopenotx octoseekpasspattern matchpeexeperuphishingphishing siteponypost h2proxyquasar ratqzidramnitransomransomwarerecord typered teamrelatedreport spamresearchedresolved ipssafe sitescams & fraudscan endpointsscanning hostscriptsearchsearch liveserverserviceservice urlshell codeshopsiemsiteskynetsoarsouth africasouth americaspamsrclangsrcurlssl certificatestatic enginestatusstealerstreamsuidmsuricata alertsswrortt1027t1059.007t1071t1071.001t1071.003t1071.004t1105t1140t1550t1560taq booleanteamteam malicioustelefonica peruthreat actortls handshaketmobiletor knowntor nodetor relayroutertraffictrojantrojanspytrojanxtsara brashearsttl valuetwitteru002d2unionunitedunited statesunsafeurllangurlsurlvoidvaluevidarvirutvisitor objectvt graphwacatacwhoiswhois lookupwhois recordwhois showwhois whoiswindowswindows ntx22x22xratzbot

Activity Timeline

1 total obs
Apr 23Apr 23

Threat Activity Heatmap

· Peak: 2026-04-23
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC) represents a significant and immediate threat to organizational security, evidenced by its high score of 88.2785 and un-whitelisted status. This SHA-256 hash is strongly associated with a broad range of malicious activities, including various backdoor trojans, downloaders, and information stealers, indicating a sophisticated and multi-faceted attack vector. The presence of this IOC within an environment signifies a potential compromise event, leading to risks s…

Threat ScoreHigh Risk
88
SIGNAL
Signal Score
88%
Confidence
3
Reports
First seenApr 17, 2026
Last seenApr 23, 2026

VirusTotal

Not checked

WHOIS

description
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
references
https://metro-tmo.com/, Hybrid Analysis, Alienvault OTX, Data Analysis

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 3 threat reports