SHA256HighVerifiedSignal 61/100

`5928f67db54220510f6863c0edc0343fdb68f7c7070496a3f49f99b3b545daf9`

First Seen

Dec 28, 2023

Last Seen

Mar 22, 2026

Dec 28

First Seen

899d ago

Mar 22

Last Seen

84d ago

Reports

source reports

61%

Confidence

high

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

SHA-256 Hash

SHA-256 file hash — primary identifier for malware samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA256

Confidence

61%

Signal Score

61 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

20 techniques

Feed Intelligence Summary

5 reports61% confidence

Source reports

61%

Confidence score

Category tags

abuseaccellion ftabec attackbec phishingblack lotusbotnetcivil servicesclustercommand and controlcommunication technologiescompromised websitescredential harvestingcredential phishingcredential theftdata encryptiondata exfiltrationdistributed attacksenergyenergy distributionextortionfile-hashforeigngovernment technologyhas expiredhiatusratindicatorkvbotnetlatestlink manipulationlink phishinglumen ipmalicious attachmentmalicious softwaremalwaremalware deliverymalware distributionmipsmobile carriersmobile networksnetgear prosafeoil & gaspayload serverphishingphishing attackphishing attemptphishing campaignpower generationpower systemsproceedprocess injectionprosafepublic administrationpublic infrastructurepublic policyransomwareregulatory agenciesrenewable energyresearchedsocial engineeringsohospamspam campaignspear phishing attacksyscallsystem disruptiont1055t1071.001t1083t1189t1192t1204.002t1486t1490t1496t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1598t1598.003t1598.004telecom servicestelecommunicationsvolt typhoonwhaling attack

Activity Timeline

1 total obs

Mar 22Mar 22

Threat Activity Heatmap

· Peak: 2026-03-22

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

61%

Confidence

Reports

First seenDec 28, 2023

Last seenMar 22, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

description: Phishing Attempt
references: https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/, https://github.com/blacklotuslabs/IOCs/blob/main/KVbotnet_IOCs.txt

`5928f67db54220510f6863c0edc0343fdb68f7c7070496a3f49f99b3b545daf9`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy