IOC Radar
SHA1 · Medium · Signal 98/100

a0bdfac3ce1880b32ff9b696458327ce352e3b1d

Location
Peru
First Seen
Oct 3, 2021 (1732d ago)
Last Seen
Jun 3, 2026 (28d ago)
Reports
10 source reports
Confidence
98% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs
85 techniques

Feed Intelligence Summary

10 source reports · 98% confidence score
Category tags

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

· Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 98
Confidence: 98%
Reports: 10
First seen: Oct 3, 2021
Last seen: Jun 3, 2026

VirusTotal

Not checked

WHOIS

Description
PE32+ executable (GUI) x86-64, for MS Windows
References
https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses
https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Book2.csv
Book1.csv
https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/
https://labs.inquest.net/iocdb
Julypt1.pdf
Cyber Threat Advisory - BERT Ransomware Hits Global Victims with Fast Encryption.pdf


IOC Journey

Confidence: medium
First detected 4 years ago · Last seen 28 days ago
Appeared in 10 threat reports