IOC Radar
SHA256 · Medium · Signal 100/100

98a76aacbaa0401bac7738ff966d8e1b0fe2d8599a266b111fdc932ce385c8ed

Location: Peru
First Seen: Jun 13, 2025 (384d ago)
Last Seen: Jun 15, 2026 (17d ago)
Reports: 13 source reports
Confidence: 99% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Feed Intelligence Summary

Source reports: 13
Confidence score: 99%
Category tags
abuse, access sales, account compromise, acronisagent, active scan, active scanning, admin, administrative access, affiliate program, alienvault_ransomware, anubis, anubis ransomware, asia, attack, australia, auto, bad reputation, banking, botnet, botnet activity, brute force, building construction, canada, ck enterprise, cloud security, command and control, construction materials, construction safety, construction technology, credential access, credential stuffing, credit card services, crime, cyber risk, cybercrime forum activity, data destruction, data encryption, data erasure, data exfiltration, data extortion, data store exposure, destructive malware, distributed attacks, double extortion, dword, ecies, ecies encryption, ecies-encryption, electronic health records, encryption, evilbyte, exe, executable file, exploitation activity, extortion, file, file-hash, file-wiping, finance, financial services, financial technology, find, ftp, ftp brute force, global targeting, health care and social assistance, health information technology, healthcare information systems, hospital management, http brute force, hybrid, identity & access exploitation, impact, indicator, indonesia, injection activity, input validation bypass, iocs, learn, mal, malicious activity, malicious software, malware, malware analysis, medical services, micro, mitre att, multiple adversary, network reconnaissance, network scanning, network traffic analysis, news, north america, nubias, oceania, operating system, password attack, path, path traversal, patient care, payment, payment processing, peru, phishing, picus security, privilege escalation, privilege-escalation, process injection, protect, raas, ramp, ransom, ransom demand, ransomware, ransomware-as-a-service, reconnaissance, remote access, remote services, reports, researched, savroam, security operations, small, south america, spear-phishing, spearphishing, sphinx, sphinx ransomware, ssh attack, start process, stop, suomi, susp, syn scan, system disruption, t1008, t1021, t1021.001, t1027, t1046, t1055, t1056, t1057, t1059, t1059.001, t1069.001, t1071.001, t1076, t1078, t1083, t1088, t1090, t1110, t1110.002, t1134, t1134.002, t1176, t1190, t1485, t1486, t1489, t1490, t1495, t1496, t1499.002, t1499.003, t1560, t1561, t1561.001, t1562.001, t1563, t1565, t1566, t1567, t1595, t1595.001, t1595.002, t1595.003, tcp scan, threat actor, threat intelligence, tor node, trend, trend micro, trend vision, twitter, udp scan, united states, vision one, voice, vulnerability scan, wealth management, web application attack, web application exploitation, windows

Activity Timeline

1 total obs · Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
[Calendar heatmap, Jun to Jun, not reproduced]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk

VirusTotal

Not checked

WHOIS

Description: Threathose ANYRUN search
References:
https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/f/anubis--a-closer-look-at-an-emerging-ransomware-with-built-in-wiper/Anubis_A_Closer_Look_at_a_Emerging_Ransomware_with_Built-in_Wiper_IOCs.txt
IOC2.pdf
https://www.picussecurity.com/resource/blog/anubis-ransomware-targets-global-victims-with-wiper-functionality


IOC Journey

medium
First detected 1 year ago · Last seen 17 days ago
Appeared in 13 threat reports