SHA256 · Medium · Signal 100/100
8087db3c43840caccb9756893cdaff707311dc195f34de471cc259b1b62e3411
First Seen
Mar 7, 2025
Last Seen
Feb 8, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Feed Intelligence Summary
7 reports · 99% confidence
7
Source reports
99%
Confidence score
Category tags
aerospace & defense, apt, backdoor, big game hunting, big-game hunting, body, botnet, button, cactus, civil services, close, cobaltstrike, code execution, code injection, command and control, command execution, contact, credential harvesting, data access, data copying, data encryption, data exfiltration, data extortion, data leak, data leak site, data transfer, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, distributed attacks, dll side-loading, dll sideloading, double extortion, europe, exploit, extortion, file-hash, find, footer, form, gamaredon, gamaredon apt, germany, github, government technology, gthost, gthost isp, hiding-window, hyperhosting isp, indicator, ingress tool transfer, initial access, input validation bypass, interlock, iocs, link, lnk, lnk abuse, lnk file attack, lnk files, long-command-line-arguments, long-sleeps, main, malicious download, malicious powershell activity, malicious software, malware, malware distribution, metadata analysis, metasploit, military operations, national security, network iocs, open, operating system, path traversal, phishing, phishing attack, phishing campaign, powershell download, powershell downloader, process injection, public administration, public infrastructure, public policy, ransomware, regulatory agencies, reload, remcos trojan, remote access, remote access trojan, remote services, researched, russian federation, russian threat actor, script, scripting attacks, small, social engineering, social media security, span, spearphishing, star, system disruption, t1005, t1021.001, t1027, t1027.002, t1030, t1041, t1047, t1053, t1053.005, t1055, t1055.001, t1059, t1059.001, t1059.003, t1059.005, t1069.001, t1071.001, t1078, t1078.001, t1083, t1086, t1105, t1133, t1140, t1189, t1190, t1193, t1195, t1195.002, t1202, t1204, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1547, t1547.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, tetraloader, trojan malware, ukraine, ukraine targeting, web application exploitation, worldwide secrets blog, write
Activity Timeline: Feb 8 to Feb 8
Threat Activity Heatmap · Peak: 2026-02-08
Activity in the last 24h / 7d / 30d / 3mo: 0 / 0 / 0 / 0 (dormant)
Threat Score
High Risk
Signal Score
100
Confidence
99%
Reports
7
First seen
Mar 7, 2025
Last seen
Feb 8, 2026
VirusTotal
Not checked
- description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Feb 4 07:05:52 2025, mtime=Mon Feb 17 16:12:50 2025, atime=Tue Feb 4 07:05:52 2025, length=455680, window=hidenormalshowminimized
- references
- https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/, uat-5918.txt, online-marketplace-scams.txt, new-tornet-backdoor-campaign.txt, pathwiper (1).txt, pathwiper.txt, uat-6382.txt, iocs_gamaredon_remcos.txt, toymaker.txt, new-persistent-attacks-japan.txt, lotus-blossom-espionage-group.txt, https://bazaar.abuse.ch/export/csv/recent/
IOC Journey
medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 7 threat reports