IOC Radar
SHA256 · Medium · Signal 95/100

8c95bb248000d706a65835b919ec9f6b7e10226d6925c0a8475a2c2cf4eb8efb

First Seen: May 22, 2026
Last Seen: Jun 2, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash: SHA-256 file hash, primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 95%
Signal Score: 95 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 20 techniques

Feed Intelligence Summary

7 source reports, 95% confidence score

Category tags: abuse, alienvault_ransomware, arm, bad reputation, botnet, botnet activity, container security, cryptocurrency, cryptomining, detect-debug-environment, elf, executable file, exploitation activity, file, file-hash, indicator, kubernetes, linux, mal, metro4shell, obfus, peer-to-peer, ransomware, redis exploitation, researched, t1027, t1027.002, t1036, t1053, t1059.004, t1070, t1071.001, t1071.004, t1090.001, t1098, t1105, t1110.001, t1133, t1190, t1486, t1496, t1552.001, t1563, t1571, t1573, targeting database, vulnerability scan

Activity Timeline

1 total obs (Jun 2)

Threat Activity Heatmap · Peak: 2026-06-02

Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a critical threat to organizational security, scoring 94.71 out of 100, which signifies a high likelihood of malicious intent and severe potential impact. The SHA-256 hash is strongly associated with the P2pinfect malware, a sophisticated threat known for its capabilities in compromising Kubernetes environments, leading to potential data encryption, resource hijacking for cryptocurrency mining, and establishing persistent unauthorized access. If this…

Threat Score: High Risk
Signal Score: 95
Confidence: 95%
Reports: 7
First seen: May 22, 2026
Last seen: Jun 2, 2026

VirusTotal: Not checked

WHOIS

description: ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
references: https://www.fortinet.com/blog/threat-research/misconfigured-enrolled-and-dormant-anatomy-of-a-p2pinfect-kubernetes-compromise, IOCs-MAY2.csv

IOC Journey

Confidence: medium
First detected 22 days ago · Last seen 11 days ago
Appeared in 7 threat reports