SHA256MediumSignal 94/100

`884fddf6e00b8ee99dd2da4513df5b3bc1b93c33a6c86bb09296b6cc0231910d`

Location

Morocco

First Seen

Mar 28, 2026

Last Seen

May 21, 2026

Mar 28

First Seen

77d ago

May 21

Last Seen

23d ago

Reports

source reports

94%

Confidence

medium

Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

SHA-256 Hash

SHA-256 file hash — primary identifier for malware samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA256

Confidence

94%

Signal Score

94 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

16 techniques

Feed Intelligence Summary

4 reports94% confidence

Source reports

94%

Confidence score

Category tags

active relatedactive scanafricaanalysis dateapples sandboxasciiascii textbrute forcec sourcecalls clearcitycloud14cloud14 addresscode helpercompliance lock abusecoordinated state abusecrimecrlf linedemodropped infoexecutable fileexploitexploitation activityfilefile-hashgenguard abuseguest systemhelperhktlidentity & access exploitationiiiii whooinaindicatorinfo fileiocsiot securityjava sourcejsjsonlegal deadlocklinuxlinux verdictmamaasmaassinamalwaremassmitre attackmonths agomoroccomove timems windowsnet104net1040000nextoperationsoverview zenboxpcx verplotpluginpng imageprocess openprocesses extrapulses urlransomransomwareresearchedrgbasan franciscosandbox sha256scanscriptsgml documentsignetsourcespamspam authorspyware createdsuspsvg scalablet1018t1036t1055t1056t1057t1059t1059_004t1059_006t1070t1071t1082t1083t1091t1095t1120t1497t1562t1574titletitle addedtor nodetownsend streetultimate fileunicode textutf8 textvector graphicsvirustotal boxwindows sandboxwrite deletezip archive

Activity Timeline

1 total obs

May 21May 21

Threat Activity Heatmap

· Peak: 2026-05-21

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

94%

Confidence

Reports

First seenMar 28, 2026

Last seenMay 21, 2026

VirusTotal

Not checked

WHOIS

description: data
references: https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779336524&Signature=O5n0S4aWPfyjTDJc05rzvbBhcbEoG8Ay%2Fz1o8K3hGVa9yUcttzmFeiPiaEhLbNVb9JiGIOIDKYipVl89pWQnYGXvGkFlwlFEXMP7Bk0zMMRedzKnp5vRpurrgLFfTgr%2BB1LVJyMVDEvDnGezrwX3d6OVEfW4XJ1w3he09Vvhr6fmuca3vBNMTc%2F%2BLGyb5JKBbQl06mGcymu8a2NNt8LXHTceDjZdRnfEyCWqn9, https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c, https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi, https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO, https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd, https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926, https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx, https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub

`884fddf6e00b8ee99dd2da4513df5b3bc1b93c33a6c86bb09296b6cc0231910d`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy