IOC Radar
SHA256HighVerifiedSignal 38/100

6399c686eba09584bbbb02f31d398ace333a2b57529059849ef97ce7c27752f4

First Seen
Jan 20, 2026
Last Seen
May 27, 2026
Jan 20
First Seen
153d ago
May 27
Last Seen
26d ago
4
Reports
source reports
38%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Feed Intelligence Summary

4 reports38% confidence
4
Source reports
38%
Confidence score
Category tags
abuseactive scanahost.exe abusealienvault_ransomwareanti-analysisaptapt41bad reputationbrowser extensionc2 servercms exploitationcommand & controlcommand executioncoredata encryptiondata exfiltrationdata store exposuredeadlock ransomwaredgadiscordencryptionenterprise targetingexploitation activityextortionfake update lurefakecaptcha lurefile-hashfingerfingerprintingfirstindicatorinjection activityipv6ipv6 addressjavascript injectionjohnkimwolfmainmalicious powershell activitymalicious softwaremalwaremodeloratmulti-stage malwarenation-state activitynextnexus threatnode.js backdoorphishingpowershellprocess injectionpythonqilinralordransomwareratregularremote accessresearchedsandboxscams & fraudscripting attacksservice scansicarii ransomwaresocial engineeringstagesystem disruptiont1003t1027t1036t1055t1059t1059.001t1071t1071.001t1078t1086t1105t1115t1120t1134t1140t1176t1189t1195.001t1199t1204t1204.002t1486t1490t1497t1547t1560t1564t1565t1566t1566.001t1568t1573t1588.002thelandupdate808threat actortmobiletooltor nodetraffic redirectionuuidvoidlinweb application attackyanbyarayara rule match

Activity Timeline

1 total obs
May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
38
SIGNAL
Signal Score
38%
Confidence
4
Reports
First seenJan 20, 2026
Last seenMay 27, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
Huntress is a managed identity protection platform for businesses, healthcare and other sectors, and is now available on the Microsoft Marketplace, where MSPs can get up to a year of free Huntress licenses.
references
https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke, week3-ioc-pt1.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 5 months ago · Last seen 26 days ago
Appeared in 4 threat reports