IOC Radar
SHA256 · Medium confidence · Signal 100/100

5c54bd1aa2abf024f53490b7d93101496b5842a5a81a51955fe7f1d5e4281409

Location: Italy
First Seen: May 4, 2024 (770d ago)
Last Seen: Apr 13, 2026 (62d ago)
Reports: 11 source reports
Confidence: 99% (medium)
VirusTotal detections: 66/75
Found in 11 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash: SHA-256 file hash, the primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context: Tags, MITRE ATT&CK

MITRE ATT&CK TTPs: 56 techniques

Feed Intelligence Summary

Source reports: 11
Confidence score: 99%
Category tags

Activity Timeline

1 total observation (Apr 13)

Threat Activity Heatmap

[Calendar heatmap, Jun to Jun, rows Mon/Wed/Fri; peak: 2026-04-13]
Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 11
First seen: May 4, 2024
Last seen: Apr 13, 2026

VirusTotal

66/75 vendors flagged
88% detection rate (as of Jun 8, 2026)

WHOIS

description: PE32 executable (GUI) Intel 80386, for MS Windows
references: https://threatfox.abuse.ch/export/csv/recent/, https://www.bitdefender.com/en-us/blog/businessinsights/dragonforce-ransomware-cartel, https://bazaar.abuse.ch/export/csv/recent/


IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 11 threat reports