SHA256 · High · Verified · Signal 89/100
8cfb55087fa8e4c1e7bcc580d767cf2c884c1b8c890ad240c1e7009810af6736
Location
First Seen: Jul 23, 2021
Last Seen: Jun 3, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash: SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 89%
Signal Score: 89 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 source reports · 89% confidence score
Category tags
active scan, apt, archive files, asia, attack, botnet, botnet activity, bronze president, business services, c tasklist, checks-user-input, clear filters, client, clientendpoint.dll main, clntend, close, cloud security, cobalt strike, command, command and control, command line, communication protocol, company limited, comspec, concept, contact, cookie, corroboration, crypt32, cxclnt, data exfiltration, data store exposure, defense evasion, desktop, detect-debug-environment, digiwin, digiwin erp target, direct-cpu-clock-access, distributed attacks, dll injection, dynamicloader, earth preta, education, example code, exploitation activity, figure, file-hash, findfirst, foldertypeid, full path, gmail, google drive, heapspray, hotkey, http, http communication, http scanner, https, https communication, hybrid, idle, indicator, indonesia, infotip, ingress tool transfer, injection activity, iot security, known-distributor, launch, learn, legit, malicious software, malware, malware decoy, mekotio, microsoft word, mitre att, mozilla, music, mustang panda, nation-state activity, news, nextron, north america, ntdll, ot security, overlay, owner, parent pid, pass, path, peexe, peru, plugx, precreate, preta, process dumping, process injection, protect, pubload, ransomware, reports, research, researched, runtime-modules, service, shell dlg, signed, small, south america, static analysis, stop, supply chain attack, t1003, t1003.001, t1003.003, t1021, t1021.001, t1027, t1027.002, t1027.003, t1027.007, t1033, t1036, t1036.005, t1036.007, t1041, t1047, t1048, t1048.003, t1053, t1053.005, t1055, t1055.001, t1055.002, t1055.004, t1056, t1059, t1059.001, t1068, t1071, t1071.001, t1071.004, t1090, t1090.001, t1090.002, t1102, t1104, t1105, t1140, t1187, t1190, t1195, t1195.002, t1203, t1204, t1204.002, t1486, t1496, t1499.002, t1499.003, t1543, t1547, t1547.001, t1553, t1562, t1562.001, t1564, t1564.001, t1564.004, t1565, t1566, t1566.001, t1574, t1574.001, t1574.002, table, taiwan, target, third, threat actor, thus, tidrone, toggle, toneins, toneshell, tools, tor node, trend micro, trojan malware, twitter, united states, upload file, username eq, vision one, vulnerability scan, web traffic, websocket communication, windows, windows sandbox, winrar, winsta, winword, winword exploitation, xfft, xffu xffu, xffxff xffxff, yara
Activity Timeline: Jun 3 – Jun 3
Threat Activity Heatmap · Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 89
Confidence: 89%
Reports: 5
First seen: Jul 23, 2021
Last seen: Jun 3, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- description: PE32 executable (GUI) Intel 80386, for MS Windows
- references:
  - https://www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html
  - https://vtbehaviour.commondatastorage.googleapis.com/7239da2f1e827d89f94256594629dc4d9d8c75edf0ca262de2566b6193a5ff9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777520784&Signature=b%2BtX1%2Ffyku%2BclKccH3zOoEiQC%2FthJQjeHoIP4LV5sGJ6Zjj5tfJg3wNZYh2HBa4k26uwGj2nMlB0b0GYtweLW25Bc%2B404F%2BL6QapM%2B40QGW%2FB%2Br1PPeLGqibZInE87sOOaJiuEfSRazMcA%2BfHu%2Fb0jM4zPy9zJ0hixPtO1l5waijD8T%2Bb8bK1f%2BcYsBiZGyi%2B3iwCjtYGOqrh2%2FaUTIc2KtQ71wcNTUM
  - https://vtbehaviour.commondatastorage.googleapis.com/7239da2f1e827d89f94256594629dc4d9d8c75edf0ca262de2566b6193a5ff9a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777520838&Signature=yGBMSw%2BY%2B%2FQx%2B1Bgu6Ak6yeMjBaVPrWKwmi8%2BPSW9Ryb8yjHv%2F3l%2B6dUti2eDEBmA4SPDCXTAb%2B08R2KfsYirOWGVXRTcZtRb8y2pmconV4eHUen6aMCmJSoeDAF1ZUgO%2B2LskdO5QD8uvc8wEKVRInU4idJ0ttgmEDuQkNtIDi%2FDNr6SPFGqUkJVUlxpmKByswFzetMzuNN8Z8PLowoIBCQT13JXQ6wAy%2
  - https://vtbehaviour.commondatastorage.googleapis.com/7239da2f1e827d89f94256594629dc4d9d8c75edf0ca262de2566b6193a5ff9a_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777520882&Signature=wY5xl%2BYtBqki9lSTdsyaILrsT5QUwmmDT7LqFVonw6fiE9Ol7%2FbhW7T%2BmgCPPz2BaMiUXzt8uq3lJvsqaQkzLlFzxLgvwFM1pe%2BbKkZYBJsNzqAtZ%2FyI80TNC2%2FgFNmvCnZDjgiRx%2BxoTfnDJMYjzDnWbfywNJxYIgdw9G8GBd4MpxuCPkmADNlvC9snbqbfhs5yYwbydv9xq105M5N0ws8oj%2BUuC4kNSNEE4M8AmEqhGdx
  - https://attack.mitre.org/groups/G0129/
  - https://attack.mitre.org/software/S1239/
  - https://attack.mitre.org/software/S1228/
  - https://any.run/report/8cfb55087fa8e4c1e7bcc580d767cf2c884c1b8c890ad240c1e7009810af6736/47e8fc63-b97a-4bec-a07a-523ece0be2d8
  - https://sea.ctithai.work/tlpwhiteforeveryonexx/WHITE__WINWORD_HeapSpray_8cfb5508-Community.html
  - https://www.acronis.com/en-us/cyber-protection-center/posts/operation-worddrone-drone-manufacturers-are-being-targeted-in-taiwan/
  - IOCs.2026.csv
  - https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/k/earth-preta-spear-phishing-governments-worldwide/IOCs-earth-preta-spear-phishing-since-march.txt
IOC Journey: high · First detected 5 years ago · Last seen 26 days ago · Appeared in 5 threat reports