SHA256 · Medium · Signal 100/100
98a76aacbaa0401bac7738ff966d8e1b0fe2d8599a266b111fdc932ce385c8ed
First Seen: Jun 13, 2025
Last Seen: Jun 15, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 13
Confidence score: 99%
Category tags
abuse, access sales, account compromise, acronisagent, active scan, active scanning, admin, administrative access, affiliate program, alienvault_ransomware, anubis, anubis ransomware, asia, attack, australia, auto, bad reputation, banking, botnet, botnet activity, brute force, building construction, canada, ck enterprise, cloud security, command and control, construction materials, construction safety, construction technology, credential access, credential stuffing, credit card services, crime, cyber risk, cybercrime forum activity, data destruction, data encryption, data erasure, data exfiltration, data extortion, data store exposure, destructive malware, distributed attacks, double extortion, dword, ecies, ecies encryption, ecies-encryption, encryption, evilbyte, exe, executable file, exploitation activity, extortion, file, file-hash, file-wiping, finance, financial services, financial technology, find, ftp, ftp brute force, global targeting, health care and social assistance, health information technology, healthcare information systems, hospital management, http brute force, hybrid, identity & access exploitation, impact, indicator, indonesia, injection activity, input validation bypass, iocs, learn, mal, malicious activity, malicious software, malware, malware analysis, medical services, micro, mitre att, multiple adversary, network reconnaissance, network scanning, network traffic analysis, news, north america, nubias, oceania, operating system, password attack, path, path traversal, patient care, payment, payment processing, peru, phishing, picus security, privilege escalation, privilege-escalation, process injection, protect, raas, ramp, ransom, ransom demand, ransomware, ransomware-as-a-service, reconnaissance, remote access, remote services, reports, researched, savroam, security operations, small, south america, spear-phishing, spearphishing, sphinx, sphinx ransomware, ssh attack, start process, stop, suomi, susp, syn scan, system disruption, t1008, t1021, t1021.001, t1027, t1046, t1055, t1056, t1057, t1059, t1059.001, t1069.001, t1071.001, t1076, t1078, t1083, t1088, t1090, t1110, t1110.002, t1134, t1134.002, t1176, t1190, t1485, t1486, t1489, t1490, t1495, t1496, t1499.002, t1499.003, t1560, t1561, t1561.001, t1562.001, t1563, t1565, t1566, t1567, t1595, t1595.001, t1595.002, t1595.003, tcp scan, threat actor, threat intelligence, tor node, trend, trend micro, trend vision, twitter, udp scan, united states, vision one, voice, vulnerability scan, wealth management, web application attack, web application exploitation, windows
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
VirusTotal: Not checked
- description: Threathose ANYRUN search
- references:
  - https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/f/anubis--a-closer-look-at-an-emerging-ransomware-with-built-in-wiper/Anubis_A_Closer_Look_at_a_Emerging_Ransomware_with_Built-in_Wiper_IOCs.txt
  - IOC2.pdf
  - https://www.picussecurity.com/resource/blog/anubis-ransomware-targets-global-victims-with-wiper-functionality
IOC Journey
Medium · First detected 1 year ago · Last seen 17 days ago
Appeared in 13 threat reports