SHA1 · Medium · Signal 98/100
a0bdfac3ce1880b32ff9b696458327ce352e3b1d
First Seen: Oct 3, 2021
Last Seen: Jun 3, 2026
Found in 10 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
SHA-1 Hash: SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 98%
Signal Score: 98 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary: 10 source reports · 98% confidence score
Tags: abuse, active directory, active scan, active scanning, akira, akira iocs, akira ransomware attack, alienvault_ransomware, anydesk, ashen lepus, asia, asns, attack, automotive manufacturing, av killers, backup destruction, bad reputation, banking, bert, bert ransomware, bitcoinaddress, bits, blackbasta, botnet activity, brazil, brute force, brute force attack, cisa kev, cisco asa, cloud, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, cobalt strike, cobaltstrike, code, code execution, code injection, command and control, command execution, communication protocol, consumer goods, conti, core, credential access, credential dumping, credential stuffing, credential theft, credit card services, cross-platform ransomware, cryptocurrency, data encryption, data exfiltration, data store exposure, ddos, defense evasion, demo, denial of service, desktop, detect-debug-environment, direct-cpu-clock-access, double extortion, electronic health records, electronics manufacturing, encryption, esxi, eu cyber policies, europe, exfiltration, exploit avaliable, exploitation, exploitation activity, extortion, file-hash, finance, finance and insurance, financial services, financial technology, find, ftp, ftp brute force, germany, guloader, hacking tools, havoc, health care and social assistance, health information technology, healthcare information systems, hospital management, hostname, hostname enumeration, http brute force, http scanner, https, hybrid, hyperv, identity & access exploitation, idle, imap, impact, in the wild, india, indicator, indonesia, industrial automation, industrial iot, industrial production, information gathering, information technology, infostealer, ingress tool transfer, initial access, injection activity, inside, ioc, iot security, it infrastructure, kali, known hostnames, lateral movement, lazagne, learn, legit, linux, lokibot, long-sleeps, luca stealer, makop, makop ransomware, malicious activity, malicious download, malicious powershell activity, malicious software, malware, malware distribution, manufacturing technology, masscan, medical, medical services, medusalocker, mfa bypass, multi-cloud management, multiple threat actors, netpass, netscan, network attacks, network probing, network protocol, network reconnaissance, network scanning, network security, news, nlbrute, operating system, overlay, pass, password attacks, patient care, payment processing, peexe, peru, phishing, phobos, pingcastle, play ransomware, powershell, privilege escalation, process injection, process manufacturing, protect, protocol exploitation, psexec, python malware, qilin, quality control, quick heal, ransom demand, ransom note dropped, ransomhub, ransomware, rdp exploitation, reconnaissance, regional security, remote access, remote services, reports, researched, retail trade, revil, rhysida, runtime-modules, scanner, scanning activity, scripting attacks, service scan, signed, small, smtp, software development, software exploitation, source, south america, ssh attack, ssl vpn, stop, suomi, supply chain attack, supply chain management, system disruption, ta machine, tcp protocol, telnet threat, threat actor, tor node, trend micro, trend micro report, trend vision, united kingdom, veeam, via-tor, vision one, vnc protocol, vpn, vpn exploitation, vpn kali, vulnerability, vulnerability scan, wealth management, web traffic, win32 malware, windows, windows malware, windows systems targeted, winrar, winscp, xloader, zensec
MITRE ATT&CK TTPs: t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1046, t1048, t1053, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.006, t1068, t1069.001, t1070, t1071, t1071.001, t1076, t1077, t1078, t1078.002, t1082, t1083, t1086, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1113, t1133, t1136, t1187, t1190, t1199, t1203, t1204, t1204.002, t1210, t1213, t1218, t1485, t1486, t1490, t1491, t1491.001, t1497, t1499.002, t1499.003, t1539, t1543.003, t1547, t1548, t1548.002, t1552.001, t1555, t1560, t1561, t1562, t1562.001, t1562.004, t1563, t1565, t1566, t1567, t1569.002, t1588, t1589, t1589.001, t1595, t1595.001, t1595.002, t1595.003
Note: the tags are the union of every tag attached across all 10 source reports, not a characterization of this one file; entries such as file-hash, bitcoinaddress, hostname, peexe and ioc are MISP attribute types rather than context. t1076, t1077 and t1086 are retired ATT&CK technique IDs (superseded by t1021.001, t1021.002 and t1059.001 respectively) and are reproduced here exactly as the feed emitted them.
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-03
Sightings: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: 98 (High Risk) · Signal Score: 98% · Confidence: 98% · Reports: 10
First seen: Oct 3, 2021 · Last seen: Jun 3, 2026
VirusTotal: Not checked
Description: PE32+ executable (GUI) x86-64, for MS Windows
References: https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses, https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/, https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html, Book2.csv, Book1.csv, https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/, https://labs.inquest.net/iocdb, Julypt1.pdf, Cyber Threat Advisory - BERT Ransomware Hits Global Victims with Fast Encryption.pdf
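The page describes the indicator as a SHA-1 of a PE32+ x86-64 Windows executable and offers a STIX 2.1 export. The following is an added example, not code from this feed or from any of the cited vendors: it hunts a directory tree for the hash, pre-filtering on the PE32+ x64 header so that only candidate binaries are fully hashed, and builds a minimal STIX 2.1 Indicator object for the hash so it can be loaded into a TIP or SIEM. The hash, first-seen date and confidence are taken from this page; the midnight-UTC timestamp for valid_from, the deterministic UUIDv5 id and the constructed 90-byte PE stub used for the self-contained run are assumptions of the example and are labelled as such in the code. Note the caveat a hunter should keep in mind: a SHA-1 match identifies one exact build of the dropped file; a recompiled or re-packed sample will not match, so hash hunting complements rather than replaces behavioural detection for the TTPs listed above.

```python
"""Hunt for the SHA-1 IOC from this page on a directory tree and emit a STIX 2.1 indicator for it."""
import hashlib
import json
import struct
import tempfile
import uuid
from datetime import datetime, timezone
from pathlib import Path

# Values taken from this page.
IOC_SHA1 = "a0bdfac3ce1880b32ff9b696458327ce352e3b1d"
IOC_FIRST_SEEN = "2021-10-03T00:00:00Z"   # page gives the day only; midnight UTC is an assumption
IOC_CONFIDENCE = 98

# COFF Machine value for x86-64 and the optional-header magic for PE32+ (PE/COFF specification).
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B


def is_pe32plus_x64(header: bytes) -> bool:
    """Pre-filter matching the page's file description: MZ stub, PE signature,
    COFF Machine == AMD64 and optional-header magic == PE32+."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]
    # Signature (4) + COFF header (20) + optional-header magic (2) must fit in what was read.
    if e_lfanew + 26 > len(header) or header[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    machine = struct.unpack_from("<H", header, e_lfanew + 4)[0]
    magic = struct.unpack_from("<H", header, e_lfanew + 24)[0]
    return machine == IMAGE_FILE_MACHINE_AMD64 and magic == PE32PLUS_MAGIC


def sha1_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-1 so large binaries are not read into memory at once."""
    h = hashlib.sha1()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: Path, ioc_sha1: str = IOC_SHA1) -> list:
    """Return every PE32+ x64 file under root whose SHA-1 equals the IOC (case-insensitive hex)."""
    want = ioc_sha1.lower()
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as f:
                header = f.read(4096)   # enough for the headers of real-world PEs; oversized e_lfanew is skipped
        except OSError:
            continue
        if is_pe32plus_x64(header) and sha1_file(path) == want:
            hits.append(path)
    return hits


def stix_indicator(sha1: str, valid_from: str, confidence: int) -> dict:
    """Minimal STIX 2.1 Indicator SDO carrying a file-hash pattern for the IOC."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        # Assumed convention: UUIDv5 of the hash so re-exports do not create duplicate objects.
        "id": f"indicator--{uuid.uuid5(uuid.NAMESPACE_URL, f'sha1:{sha1.lower()}')}",
        "created": now,
        "modified": now,
        "name": "SHA-1 file hash associated with malicious samples",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[file:hashes.'SHA-1' = '{sha1.lower()}']",
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,
    }


def constructed_pe32plus_stub() -> bytes:
    """Constructed, harmless 90-byte header with just enough PE structure to pass the
    pre-filter. It is not a sample from the page and does not hash to the IOC."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + struct.pack("<H", PE32PLUS_MAGIC)


def demo() -> dict:
    """Write the stub and a non-PE decoy into a temp dir, then hunt for the stub's own hash to
    exercise the scanner end to end. The real hunt is scan_tree(Path('/'), IOC_SHA1)."""
    root = Path(tempfile.mkdtemp())
    stub = root / "dropped.exe"
    stub.write_bytes(constructed_pe32plus_stub())
    (root / "notes.txt").write_bytes(b"not a PE file")
    target = sha1_file(stub)
    return {
        "target": target,
        "hits": [p.name for p in scan_tree(root, target)],   # stub found by its own hash
        "ioc_hits": [p.name for p in scan_tree(root)],       # nothing here matches the page's IOC
    }


if __name__ == "__main__":
    print(demo())
    bundle = {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
              "objects": [stix_indicator(IOC_SHA1, IOC_FIRST_SEEN, IOC_CONFIDENCE)]}
    print(json.dumps(bundle, indent=2))
```

The header pre-filter is an optimisation, not a correctness requirement: if the dropped file on a host has been renamed or its extension changed it is still found, because nothing here keys on the path, only on the first 4 KiB and the full-file digest.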
IOC Journey
Confidence: medium · First detected 4 years ago · Last seen 28 days ago · Appeared in 10 threat reports