IOC Radar
SHA256MediumSignal 97/100

82b336cd120ef07d8df5a3e3fa082bcca8b5c0a3481fae78cb5dd29072979f69

Location
IsraelIsrael
First Seen
Nov 19, 2024
Last Seen
Jun 17, 2026
Nov 19
First Seen
590d ago
Jun 17
Last Seen
15d ago
10
Reports
source reports
97%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
97%
Signal Score
97 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

103 techniques

Feed Intelligence Summary

10 reports97% confidence
10
Source reports
97%
Confidence score
Category tags
abuseactive scanactive scanningalienvault_ransomwareapplication layer protocolasiaattackauthentication attacksbad reputationbakery desotta thanjavurbakery in thanjavurbarbie cakeblack forestbotnetbotnet activitybritish indian ocean territorybrute forcebrute force attackbrute force attacksc2cake ordercakescakes in thanjavurcakes ordercalls-wmichecks-user-inputcobalt strikecobalt strike frameworkcommand & controlcommand and controlcommunication protocolcommunity managementcompromised credentialsconsumer goodscontactcontent sharingconticonti codecream cakescredential accesscredential harvestingcredential stuffingdata breachdata encryptiondata exfiltrationdata leakagedata store exposureddosdenial of servicedetect-debug-environmentdigital platformsdistributed attacksdragon forcedragonforcedragonforce ransomwaredragonforce ransomware attackencryptioneuropeexploitationexploitation activityextortionfile-hashfreefree websitefresh creamftpftp brute forcegoogle slideshttphttp probinghttp scannerhttpsidentity & access exploitationindiaindicatorinitial accessinjection activityiot securityisraeljeanelateral movementlockbitlockbit codelogin attemptslong-sleepsmalaysiamalicious activitymalicious softwaremalwaremulti-extortionmultiple threat actorsnetwork attacksnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningorderpassword attackspassword crackingpayloadpeexeperuphishingphishing attackphoto cakespossible intrusion attemptpost-exploitationpotential compromiseprocess injectionprotocol exploitationraasraas groupransom noteransomwareransomware cartelransomware multi-extortion attackransomware multi-extortion campaignread morereconnaissanceremote accessremote servicesresearchedresumeretail tradesaudi arabiascanning activityself-deleteservice scansmtp probingsocial analyticssocial engineeringsocial mediasocial media marketingsocial media securitysocial networkingsouth americassh attacksweetsystem discoverysystem disruptionsystembcsystembc malwaret1003t1003.001t1003.006t1003.007t1003.008t1005t1016t1018t1020t1021t1021.001t1021.002t1021.004t1027t1027.002t1027.003t1027.004t1040t1046t1053t1055t1059t1059.001t1059.003t1059.004t1071t1071.001t1076t1078t1078.001t1078.003t1078.004t1082t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1204.002t1210t1213t1213.002t1486t1489t1490t1491t1496t1499.002t1499.003t1530t1547.001t1563t1565t1566t1566.001t1566.002t1566.003t1567t1569t1569.002t1573t1573.001t1573.002t1583t1583.001t1583.002t1583.003t1583.004t1583.005t1588t1588.001t1588.002t1588.003t1588.004t1588.005t1588.006t1589t1589.002t1595t1595.001t1595.002t1595.003t1598t1598.001t1598.002t1598.003t1598.004t1608t1608.001t1608.002t1608.003t1608.004t1609t1610t1611t1614t1614.001tcp protocoltelnet threattemplates freethreat actortier caketor nodeunited kingdomunknown malware distributionupxuser engagementvulnerability scanweb trafficwhite forestwhite-labelwhite-label ransomwarewindows

Activity Timeline

1 total obs
Jun 17Jun 17

Threat Activity Heatmap

· Peak: 2026-06-17
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
97
SIGNAL
Signal Score
97%
Confidence
10
Reports
First seenNov 19, 2024
Last seenJun 17, 2026

VirusTotal

Not checked

WHOIS

description
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
references
https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists, IOC.pdf, https://threatfox.abuse.ch/export/csv/recent/, https://bazaar.abuse.ch/export/csv/recent/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 10 threat reports