IOC Radar
Type: SHA256 · Confidence band: Medium · Signal: 100/100

92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50

Location: Peru
First Seen: Aug 8, 2023
Last Seen: Jun 14, 2026
Reports: 12 source reports
Confidence: 99% (band: medium)
Found in 12 reports. The page shows both a numeric confidence score (99%) and a qualitative confidence band (medium); both are heuristic, so verify the indicator against a second source before acting on it.
Indicator type: SHA-256 hash (SHA-256 file hash, the primary identifier for malware samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: see Category tags below.
MITRE ATT&CK TTPs: 152 techniques (technique IDs listed with the category tags).

Feed Intelligence Summary

12 source reports · 99% confidence score

Category tags (as tagged by the feeds; they describe the reports this hash appears in, not necessarily this sample alone):
abuse, account access, account security, ack scan, active scan, active scanning, aerospace & defense, africa, andariel, anydesk, apt, asec, attack source, authentication attack, automotive manufacturing, avemariarat, babuk, babyk, backdoor, bad reputation, banking, belarus, below, botnet, botnet activity, brute force, brute force attack, bypass, c server, c2, c2 communication, chaos, chile, civil services, cobalt strike, cobaltstrike, cobint, cobint backdoor, code execution, comet, command & control, command and control, command execution, communication protocol, compromise attempt, consumer goods, credential access, credential harvesting, credential stuffing, credential theft, credit card services, crypt, crypt ghouls, crypto cyber, cryptocurrency, cve, cyber threat, darkstar, darkstar syndicate, data encryption, data exfiltration, data store exposure, data theft, database security, ddos, defence, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, detection evasion, digital media, direct-cpu-clock-access, distributed attacks, dropper, ecuador, electronics manufacturing, encrypt, encryption, energy, energy distribution, entertainment technology, enumeration, esxi, europe, europe/asia, exploit, exploitation activity, exploitation attempts, extortion, file-hash, fin scan, finance, finance and insurance, financial services, financial technology, fleet management, freight services, ftp, ftp brute force, ghostlocker, ghouls, government technology, guloader, hashes, head mare, http brute force, http probing, http scanner, http scanning, https, https scanning, identity & access exploitation, idle, indicator, industrial automation, industrial iot, industrial production, information technology, infrastructure acquisitionreconnaissance, infrastructure sharing, ingress tool transfer, initial access, injection activity, injection attacks, inside, intrusion detection, ioc, iot security, it infrastructure, kimsuky, kimsuky group, kimsuky hxxp, known-distributor, lateral movement, loader, lockbit, lockbit 3.0, lockbithard, login attempts, logtime, lsass, malicious links, malicious powershell activity, malicious software, malware, malware descriptions, manufacturing technology, mare, maritime transport, md5, media & entertainment, media distribution, metasploit, meterpreter, mexico, military operations, mozi, multimedia production, nanocore link, national security, netsupport link, network activity, network attacks, network discovery, network exploration, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, next, nirsoft, north america, null scan, oil & gas, opendir, operating system, operating system security, os credential dumping, overlay, paexec, panama, pass, passenger transportation, password attacks, payment processing, peexe, penetration testing, peru, phantomcore, phantomdl, phantomjitter, phishing, phishing attack, pingcastle, power generation, power systems, privilege escalation, process injection, process manufacturing, protocol exploitation, psexec, public administration, public infrastructure, public policy, quality control, rail transport, ransomware, rat, reconnaissance, regulatory agencies, remote access, remote access trojan, remote services, renewable energy, repeated-clock-access, researched, retail trade, runtime-modules, russia, russian federation, sandbox, scanner, scripting attacks, semiconductor, service, service enumeration, service scan, sha values, shadow, shamoon, shamoon wiper, signed, sliver, sliver framework, smb scanning, smtp brute force, social engineering, software development, software exploitation, south africa, south america, spynote, ssh attack, stop, stream, streaming services, supply chain attack, supply chain management, surfshark vpn, syn scan, system disruption, systemdirectory, targeted attacks, tcp protocol, tcp scan, tcp scanning, telnet threat, threat actor, threat intelligence, time, tool, tor node, transportation and warehousing, transportation infrastructure, transportation technology, trojan malware, ttps, twelve, twelve group, twitter, udp scan, unauthorized access attempt, unified kill, urlhaus, urls, urls http, urls https, user, vasa locker, verify, vpn, vulnerability, vulnerability scan, wealth management, web attack, web exploitation, web security, web traffic, webbrowserpassview, win32 malware, windows malware, winrar, wiper, xenallpasswordpro, xmas scan, zmiy

MITRE ATT&CK technique IDs (152):
t1003, t1003.001, t1003.003, t1003.005, t1005, t1012, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.006, t1027, t1027.003, t1027.004, t1027.005, t1033, t1036, t1036.005, t1036.007, t1040, t1041, t1046, t1047, t1049, t1053, t1053.005, t1055, t1055.001, t1055.002, t1055.004, t1055.012, t1056, t1057, t1059, t1059.001, t1059.003, t1059.007, t1068, t1069, t1069.001, t1070, t1070.001, t1070.004, t1071, t1071.001, t1071.002, t1071.004, t1076, t1078, t1078.002, t1082, t1083, t1086, t1087, t1090, t1095, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1112, t1113, t1129, t1133, t1134, t1135, t1136, t1136.001, t1136.002, t1136.003, t1140, t1189, t1190, t1195, t1195.001, t1199, t1202, t1203, t1204, t1204.001, t1204.002, t1210, t1213, t1213.001, t1218, t1486, t1489, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505, t1530, t1543, t1543.003, t1546, t1546.003, t1547, t1547.001, t1550, t1552, t1553, t1555, t1555.003, t1560, t1562, t1562.001, t1563, t1564, t1564.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1569, t1569.002, t1573, t1573.001, t1574, t1574.001, t1583, t1583.001, t1584, t1587.001, t1588, t1588.001, t1588.002, t1589, t1590, t1590.001, t1591, t1592, t1595, t1595.001, t1595.002, t1595.003, t1608, t1608.001, t1608.002, t1608.003, t1614, t1614.001, t1620

Activity Timeline

1 total observation (Jun 14, 2026)

Threat Activity Heatmap

Peak: 2026-06-14 (single observation in the Jun 2025 to Jun 2026 window)

Recent activity:
24h: 0 (dormant)
7d: 0 (dormant)
30d: 1 (minimal)
3mo: 1 (minimal)
Threat Score: 100 (High Risk)

VirusTotal: not checked

Description: PE32+ executable (console) x86-64, for MS Windows

References:
https://securelist.com/head-mare-twelve-collaboration/115887/
https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
https://securelist.com/twelve-group-unified-kill-chain/113877/
https://securelist.com/head-mare-hacktivists/113555/
https://asec.ahnlab.com/en/66546/
https://any.run/malware-trends/
https://urlhaus.abuse.ch/
https://threatfox.abuse.ch/export/csv/recent/
https://labs.inquest.net/iocdb
https://asec.ahnlab.com/ko/65918/

Export & API

STIX 2.1 Bundle · CSV Export · Permalink
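Two things the record leaves to the reader: how to test a file against this SHA-256 and what the STIX 2.1 Bundle export of it looks like. The Python below is an added example, not code from IOC Radar or from any of the sources listed above. The hash, first-seen date and confidence value are the page's; the file paths, the sample bytes and the indicator naming are assumptions for illustration.

```python
"""Check files against the page's SHA-256 IOC and export it as a STIX 2.1 bundle.

Added example; not code from the IOC Radar page or the sources it cites.
The hash, first-seen date and confidence come from the page; file paths,
the sample bytes and the STIX naming are assumptions.
"""
import hashlib
import json
import tempfile
import uuid
from datetime import datetime, timezone
from pathlib import Path

# SHA-256 indicator shown on the page (MISP category "Artifacts Dropped").
IOC_SHA256 = "92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50"
IOC_FIRST_SEEN = "2023-08-08T00:00:00.000Z"   # page: "First Seen: Aug 8, 2023"; time of day assumed
IOC_CONFIDENCE = 99                            # page: 99% confidence score


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a large PE need not be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_ioc(digest: str, ioc: str = IOC_SHA256) -> bool:
    """Normalise case and whitespace; feeds export hex digests in either case."""
    return digest.strip().lower() == ioc.strip().lower()


def scan_paths(paths, ioc: str = IOC_SHA256) -> dict:
    """Return {path: digest} for every regular file whose SHA-256 equals the IOC.
    Unreadable files are skipped so one bad path does not abort the sweep."""
    hits = {}
    for p in map(Path, paths):
        if not p.is_file():
            continue
        try:
            digest = sha256_of_file(p)
        except OSError:
            continue
        if matches_ioc(digest, ioc):
            hits[str(p)] = digest
    return hits


def stix_pattern(sha256: str) -> str:
    """STIX 2.1 comparison expression for a file hash. The hash key is quoted
    because 'SHA-256' contains a hyphen."""
    return f"[file:hashes.'SHA-256' = '{sha256.lower()}']"


def stix_indicator_bundle(sha256: str, valid_from: str, confidence: int) -> dict:
    """Build a STIX 2.1 Bundle holding one Indicator for the hash.

    valid_from is the first-seen date. The page's last-seen date is deliberately
    not written to valid_until: last-seen records an observation, not an expiry,
    and an expired indicator stops matching in most STIX consumers.
    """
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"File hash {sha256[:12]} (SHA-256)",  # naming is an assumption
        "indicator_types": ["malicious-activity"],
        "pattern": stix_pattern(sha256),
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


def demo():
    """Write a constructed sample file (content b"abc", not malware), scan it
    against the page IOC (no hit), then against its own digest (hit)."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"abc")
        digest = sha256_of_file(sample)
        hit_page_ioc = bool(scan_paths([sample]))
        hit_own = bool(scan_paths([sample], ioc=digest.upper()))
    return digest, hit_page_ioc, hit_own


if __name__ == "__main__":
    print(demo())
    print(json.dumps(stix_indicator_bundle(IOC_SHA256, IOC_FIRST_SEEN, IOC_CONFIDENCE), indent=2))
```

Run it as a script to see the scan result and the bundle JSON; to sweep a host, pass real paths to `scan_paths`. Note that a SHA-256 match is exact: a recompiled or repacked variant of the same tool will not match, which is why the page's reports and ATT&CK context matter alongside the hash.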

IOC Journey

Confidence band: medium
First detected Aug 8, 2023 · Last seen Jun 14, 2026
Appeared in 12 threat reports