IOC Radar
SHA256 · Medium · Signal 99/100

6fc94d8aecc538b1d099a429fb68ac20d7b6ae8b3c7795ae72dd2b7107690b8f

First Seen: Sep 6, 2023
Last Seen: Jun 1, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Threat Context
Tags

Feed Intelligence Summary

Source reports: 9
Confidence score: 99%
Category tags: abuse_ch_hash, apache solr, aqua, aqua platform, back, bad reputation, botnet, botnet activity, cloud security, code security, coinminer, cryptocurrency, cryptominers, detect, detect-debug-environment, elf, executable file, figure, file-hash, find, first, github, google cloud, h2miner, indicator, kinsing, kinsing botnet, kinsing malware, linux, malicious_file, malware, mirai botnet, mozi botnet, ngrok, nitzan yaakov, proot, python, ransomware, researched, strong, tencent, threat, threat actor, upx, urls, value, vulnerability scan, xmrig

Activity Timeline

1 total obs · Jun 1

Threat Activity Heatmap

Peak: 2026-06-01
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), a SHA-256 file hash, carries a critically high score of 98.59, signaling a highly malicious and active threat. Its immediate presence within an organizational environment likely points to an active compromise, primarily driven by the Kinsing malware family, known for its aggressive cryptojacking and resource hijacking capabilities. If left unaddressed, this threat could lead to significant financial losses through illicit cryptocurrency mining, severe degradat…

Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 9
First seen: Sep 6, 2023
Last seen: Jun 1, 2026

VirusTotal

Not checked

WHOIS

description: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, no section header
references:
https://www.wiz.io/blog/cryptojacking-attacks-summer-2023
https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability?hs_amp=true
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-enterprise-applications-honeypot-unveiling-findings-from-six-worldwide-locations/
https://ltna.com.au/cyber
Kinsing_C2.csv
https://www.lacework.com/blog/h2miner-botnet
https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability


IOC Journey

medium
First detected 2 years ago · Last seen 18 days ago
Appeared in 9 threat reports