IOC Radar
SHA256 · Medium · Signal 100/100

8087db3c43840caccb9756893cdaff707311dc195f34de471cc259b1b62e3411

Location: Russian Federation
First Seen: Mar 7, 2025 (483d ago)
Last Seen: Feb 8, 2026 (145d ago)
Reports: 7 source reports
Confidence: 99% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

45 techniques

Feed Intelligence Summary

7 source reports · 99% confidence score
Category tags
aerospace & defense, apt, backdoor, big game hunting, big-game hunting, body, botnet, button, cactus, civil services, close, cobaltstrike, code execution, code injection, command and control, command execution, contact, credential harvesting, data access, data copying, data encryption, data exfiltration, data extortion, data leak, data leak site, data transfer, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, distributed attacks, dll side-loading, dll sideloading, double extortion, europe, exploit, extortion, file-hash, find, footer, form, gamaredon, gamaredon apt, germany, github, government technology, gthost, gthost isp, hiding-window, hyperhosting isp, indicator, ingress tool transfer, initial access, input validation bypass, interlock, iocs, link, lnk, lnk abuse, lnk file attack, lnk files, long-command-line-arguments, long-sleeps, main, malicious download, malicious powershell activity, malicious software, malware, malware distribution, metadata analysis, metasploit, military operations, national security, network iocs, open, operating system, path traversal, phishing, phishing attack, phishing campaign, powershell download, powershell downloader, process injection, public administration, public infrastructure, public policy, ransomware, regulatory agencies, reload, remcos trojan, remote access, remote access trojan, remote services, researched, russian federation, russian threat actor, script, scripting attacks, small, social engineering, social media security, span, spearphishing, star, system disruption, t1005, t1021.001, t1027, t1027.002, t1030, t1041, t1047, t1053, t1053.005, t1055, t1055.001, t1059, t1059.001, t1059.003, t1059.005, t1069.001, t1071.001, t1078, t1078.001, t1083, t1086, t1105, t1133, t1140, t1189, t1190, t1193, t1195, t1195.002, t1202, t1204, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1547, t1547.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, tetraloader, trojan malware, ukraine, ukraine targeting, web application exploitation, worldwide secrets blog, write

Activity Timeline

1 total observation (Feb 8 to Feb 8)

Threat Activity Heatmap · Peak: 2026-02-08 (weekly activity grid, Jun through the following Jun, not reproduced)

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 7
First seen: Mar 7, 2025
Last seen: Feb 8, 2026

VirusTotal

Not checked

WHOIS

description
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Feb 4 07:05:52 2025, mtime=Mon Feb 17 16:12:50 2025, atime=Tue Feb 4 07:05:52 2025, length=455680, window=hidenormalshowminimized
references
https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/, uat-5918.txt, online-marketplace-scams.txt, new-tornet-backdoor-campaign.txt, pathwiper (1).txt, pathwiper.txt, uat-6382.txt, iocs_gamaredon_remcos.txt, toymaker.txt, new-persistent-attacks-japan.txt, lotus-blossom-espionage-group.txt, https://bazaar.abuse.ch/export/csv/recent/


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 7 threat reports