SHA1MediumSignal 51/100

`86233a285363c2a6863bf642deab7e20f062b8eb`

Location

India

First Seen

Apr 15, 2023

Last Seen

Jun 3, 2026

Apr 15

First Seen

1148d ago

Jun 3

Last Seen

2d ago

Reports

source reports

51%

Confidence

medium

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

SHA-1 Hash

SHA-1 file hash associated with malicious samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA1

Confidence

51%

Signal Score

51 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

91 techniques

Feed Intelligence Summary

8 reports51% confidence

Source reports

51%

Confidence score

Category tags

abuseactive directoryactive scanactive scanningadvancedipscannerakiraakira iocsalienvault_ransomwareanydeskasiaasnsautomotive manufacturingav killersavast packagebad reputationbankingbitsblackbastabotnetbotnet activitybrazilbrute forcechecks-usb-buscisa kevcisco asacobalt strikecobaltstrikecode executioncommand & controlcommand and controlcommand executioncommand linecompromised credentialsconsumer goodsconticorecredential accesscredential harvestingcredential stuffingcredit card servicescrypto cybercryptocurrencycyberdata encryptiondata exfiltrationdata store exposuredefencedefense evasiondelphidesktopdetect-debug-environmentdirect-cpu-clock-accessdistributed attackselectronic health recordselectronics manufacturingencryptionesxieuropeeverything fileexploit avaliableexploitationexploitation activityextortionfigurefile-hashfinancefinance and insurancefinancial servicesfinancial technologyfirmware updatefoggermanyguloaderhacking toolshasheshealth care and social assistancehealth information technologyhealthcare information systemshospital managementhostnamehostname enumerationhypervidentity & access exploitationimpactin the wildindex databaseindiaindicatorindustrial automationindustrial iotindustrial productioninformation gatheringingress tool transferinitial accessinjection activityinnoiot securitykaliknown hostnameslateral movementlazagnelegitlokibotmakopmalicious downloadmalicious powershell activitymalicious softwaremalwaremalware distributionmanufacturing technologymasscanmedicalmedical servicesmedusalockermfa bypassnetpassnetscannetwork protocolnetwork scanningnitrogennitrogen c2nlbruteoffsite backupoperating systemoverlaypasspatient carepay2key ransompay2key toolkitpayment processingpeexeperuphishingphishing attackphobospingcastleplay ransomwarepost-compromisepowershellprivilege escalationprocess injectionprocess manufacturingpsexecpythonqilinquality controlquick healransomhubransomwarereconnaissanceremote accessremote servicesremoveresearchedretail traderhysidaruntime-modulesscanscannerscanning activityscripting attacksservice scansfx loadersignedsliver payloadsmbsmilesocial engineeringsoftware exploitationsourcesouth americassl vpnsupply chain attacksupply chain managementsystem disruptiont1003t1003.001t1003.004t1016t1018t1021t1021.001t1021.002t1027t1036t1036.005t1041t1046t1048t1048.003t1053t1053.001t1053.002t1053.005t1055t1057t1059t1059.001t1059.003t1068t1069.001t1071t1071.001t1076t1077t1078t1078.002t1082t1083t1086t1090t1105t1110t1110.001t1110.002t1110.003t1113t1133t1136t1136.001t1187t1190t1199t1203t1204.002t1210t1213t1213.002t1218t1219t1482t1486t1490t1496t1497t1499.002t1499.003t1543t1543.003t1547t1547.001t1555t1555.003t1555.004t1560t1560.001t1561t1562t1562.001t1563t1565t1566t1566.001t1566.002t1566.003t1567t1567.002t1569.002t1570t1574t1574.002t1588t1589.001t1595.001t1595.002t1595.003ta machinethreatthreat actorthreat responsetimetooltor nodeunitveeamvpnvpn exploitationvpn kalivps hosting ipvulnerabilityvulnerability scanwealth managementwin32 malwarewindowswindows malwarewinrarwinscpxloaderyarazenseczip archive

Activity Timeline

1 total obs

Jun 3Jun 3

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

51%

Confidence

Reports

First seenApr 15, 2023

Last seenJun 3, 2026

VirusTotal

Not checked

WHOIS

description: PE32 executable (GUI) Intel 80386, for MS Windows
references: https://www.esentire.com/blog/nitrogen-campaign-2-0-reloads-with-enhanced-capabilities-leading-to-alphv-blackcat-ransomware

`86233a285363c2a6863bf642deab7e20f062b8eb`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy