SHA256 · High · Verified · Signal 62/100
6daa94a36c8ccb9442f40c81a18b8501aa360559865f211d72a74788a1bbf3ce
Location
First Seen
Nov 28, 2024
Last Seen
Apr 12, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
Source reports: 5
Confidence score: 62%
Category tags
Activity Timeline
Apr 12
Threat Activity Heatmap (peak: 2026-04-12)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 62 (Medium Risk)
Confidence: 62%
Reports: 5
First seen: Nov 28, 2024
Last seen: Apr 12, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- references
- https://labs.inquest.net/iocdb
IOC Journey
high · First detected 1 year ago · Last seen 2 months ago
Appeared in 5 threat reports