IOC Radar
SHA256HighVerifiedSignal 62/100

624762a90b7272e247e5022576b7912d1aa0b32bc13aabc7ee47197e5b87a41b

First Seen
Nov 29, 2024
Last Seen
Feb 9, 2026
Nov 29
First Seen
569d ago
Feb 9
Last Seen
132d ago
4
Reports
source reports
62%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

62 techniques

Feed Intelligence Summary

4 reports62% confidence
4
Source reports
62%
Confidence score
Category tags
abuseaccount brute forceactive scanningapplication discoveryapplication layer protocolattackauthenticationauthentication attackauthentication attemptsauthentication brute forcebotnetbrute forcebrute force attackbrute force attacksbrute force attemptscommand and controlcommand executioncommunication protocolcompromised credentialscredential accesscredential attackcredential brute forcecredential brute forcingcredential stuffingdata encryptiondata exfiltrationdatabase brute forcedenial of servicedistributed attacksdnsenumerationexploitationexploitation attemptsfailed loginfile-hashfinftpftp brute forcehttp brute forcehttp scannerhttpshydra attackimap brute forceindicatorinitial accessintrusion detectioninvalid login attemptslateral movementlogin attacklogin attemptlogin attemptslogin brute forcemalicious activitymalicious powershell activitymalicious softwaremalwaremalware distributionmedusa attackmuddywaternetwork activitynetwork attacksnetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork mappingnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnmap scanpassword attackpassword attackspassword crackingpassword sprayingpop3 brute forcepossible malicious activitypotential compromisepotential credential compromisepotential intrusionprocess injectionprotocol exploitationreconnaissancereconnaissance activityremote accessremote access attemptsremote servicesresearchedscannerscanning activityscripting attackssecurity operationsservice discoveryservice enumerationsmb brute forcesmb scanningsmtpsmtp brute forcessh attacksuspected compromisesynsyn scant1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.006t1040t1046t1047t1048t1053t1055t1057t1059t1059.001t1059.004t1059.005t1059.006t1068t1071t1071.001t1076t1077t1078t1083t1086t1087t1087.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1136t1190t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1583t1583.001t1583.006t1588t1588.002t1589t1589.002t1589.003t1590t1592t1592.004t1595t1595.001t1595.002t1595.003tcp protocoltcp scantcp scanningtelnet threatthreat actorthreat intelligenceudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityvalid accountsvbsweb application scanningweb trafficxmas

Activity Timeline

1 total obs
Feb 9Feb 9

Threat Activity Heatmap

· Peak: 2026-02-09
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
4
Reports
First seenNov 29, 2024
Last seenFeb 9, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

references
https://sec0wn.blogspot.com/2018/02/burping-on-muddywater.html, https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/, https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html, https://labs.inquest.net/iocdb

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 4 months ago
Appeared in 4 threat reports