SHA1 · Medium · Signal 100/100
90da10004c8f6fafdaa2cf18922670a745564f45
First Seen: Nov 28, 2020 (2025d ago)
Last Seen: Mar 27, 2026 (80d ago)
Reports: 9 source reports
Confidence: 99% (medium)
VirusTotal detections: 38/75
Found in 9 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
SHA-1 Hash: SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Feed Intelligence Summary: 9 source reports, 99% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-03-27)
Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 0 (Dormant)
Last 3mo: 1 (Minimal)
Intelligence Summary (AI generated)
This Indicator of Compromise (IOC), a critical SHA-1 hash, represents a severe and immediate threat to organizational security. Its high threat score of 100, coupled with its linkage to numerous advanced persistent threat (APT) groups and sophisticated malware families, necessitates urgent attention. If this IOC is identified within the environment, it strongly suggests an ongoing or successful compromise that could lead to significant data exfiltration, system disruption, and prolonged unauthor…
Threat Score: 100 (High Risk)
Signal Score: 100 / 100
Confidence: 99%
Reports: 9
First seen: Nov 28, 2020
Last seen: Mar 27, 2026
WHOIS
- description: PE32 executable (console) Intel 80386, for MS Windows
- references:
  - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/
  - https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/c/earth-krahang-exploits-intergovernmental-trust-to-launch-cross-government-attacks/ioc_earth_krahang.txt
  - https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/
  - https://asec.ahnlab.com/en/47455/
  - https://ics-cert.kaspersky.com/publications/reports/2022/08/08/targeted-attack-on-industrial-enterprises-and-public-institutions/
  - IOCs2.pdf
  - https://kazitec.com/threatfeeds/SHA1.txt
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/c/earth-krahang-exploits-intergovernmental-trust-to-launch-cross-government-attacks/earth_krahang_iocs.txt
  - https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/indicators-of-compromise-earth-lusca.txt
  - https://www.trendmicro.com/en_ca/research/22/a/earth-lusca-sophisticated-infrastructure-varied-tools-and-techni.html
  - 2021-09-21-Curriculo-IOCs.txt
  - 2701398.misp-json
  - https://gbhackers.com/apt-34-hackers/
  - https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf
  - https://www.bitdefender.com/blog/labs/backdoor-diplomacy-wields-new-tools-in-fresh-middle-east-campaign/
  - https://securelist.com/targeted-attack-on-industrial-enterprises-and-public-institutions/107054/
  - August 8th, 2022-CryptoGen Cyber Threat Intelligence - Chinese hackers use new Windows malware to backdoor govt, defense orgs.txt
  - https://www.deepwatch.com/labs/deepwatch-ati-detects-and-responds-to-never-before-discovered-backdoor-deployed-using-confluence-vulnerability-for-suspected-espionage/
  - https://cdn1.hubspot.net/hubfs/5556002/2022%20PDF%20Download%20Assets/ADA%20Compliant%20pdfs/eBooks/Deepwatch%20Incident%20Intel%20Report%20-%20Novel%20Backdoor%20Discovered%20-%20Aug%202022.pdf
  - Deepwatch Incident Intel Report - Novel Backdoor Discovered - Aug 2022.pdf
IOC Journey: medium. First detected 5 years ago, last seen 2 months ago. Appeared in 9 threat reports.