IOC Radar
SHA256 · Low Signal 18/100

9a76e608afca114f18e2b794e9a557b910f43e575c816019a49876188602c3aa

Location: Ukraine
First Seen: May 3, 2025 (403d ago)
Last Seen: Jan 20, 2026 (141d ago)
Reports: 2 source reports
Confidence: 18% (low)
Found in 2 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
18%
Signal Score
18 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 20 techniques

Feed Intelligence Summary

2 source reports · 18% confidence score
Category tags
active scanning, apt, apt44, backdoor, chisel, command and control, communications networks, comspec, credential access, critical infrastructure, cyber sabotage, cyber warfare, data exfiltration, defense systems, emergency services, energy sector, energy systems, europe, file-hash, financial systems, government facilities, heat supply, ics, indicator, kapeka, lateral movement, linux, lsass, malicious software, malware, network probing, network segmentation, process injection, reconnaissance, regeorg, remote access, researched, sandbox, sandworm, seedsens, supply chain attack, t1027, t1053, t1055, t1059, t1059.004, t1070, t1071, t1071.001, t1082, t1105, t1133, t1195, t1486, t1489, t1497, t1565, t1566, t1595.001, t1595.002, t1595.003, team, transportation networks, uac-0133, ukraine, water sector, water systems, weevely

Activity Timeline

1 total observation (Jan 20)

Threat Activity Heatmap

Peak: 2026-01-20 (weekly calendar heatmap covering Jun through the following Jun; no other activity shown)
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: Low Risk
Signal Score: 18
Confidence: 18%
Reports: 2
First seen: May 3, 2025
Last seen: Jan 20, 2026

VirusTotal

Not checked

Description
The Sandworm group, tracked as UAC-0133, has been linked to a series of planned cyber sabotage attacks aimed at crippling nearly 20 critical infrastructure facilities across Ukraine. These attacks, uncovered by CERT-UA, involve malware such as QUEUESEED and BIASBOAT and target energy, water, and heat supply systems. The attackers leverage weaknesses in supply chains and exploit poor network segmentation to infiltrate and disrupt essential services.


IOC Journey

Confidence: low · First detected 1 year ago · Last seen 4 months ago · Appeared in 2 threat reports