SHA256 · Medium · Signal 96/100
a0dc80a37eb7e2716c02a94adc8df9baedec192a77bde31669faed228d9ff526
First Seen: Dec 21, 2024 (559d ago)
Last Seen: Jun 3, 2026 (30d ago)
Reports: 11 source reports
Confidence: 96% (medium)
VirusTotal: 51/75 detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 96%
Signal Score: 96 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 11
Confidence score: 96%
Category tags
abuse, academic institutions, active scan, active scanning, aes key, akira, alienvault_ransomware, application development, apt, attack campaign, authentication abuse, automotive manufacturing, bad reputation, black, botnet, botnet activity, brute force, building construction, c2 server, canada, checks-user-input, civil services, code execution, command & control, command and control, command execution, command shell, commercial real estate, communication protocol, construction materials, construction safety, construction technology, consumer goods, control, credential access, credential brute forcing, credential stuffing, crime, crystal eye, cyber extortion, data encryption, data exfiltration, data store exposure, ddos, denial of service, developed countries, development methodologies, devops, distributed attacks, educational resources, educational services, educational technology, electronic health records, electronics manufacturing, emotet, encryption, energy, energy distribution, enterprise organizations, enterprise targeting, europe, exe, executable file, exploitation, exploitation activity, extortion, facilities management, fast deployment, file-hash, food, ftp, ftp brute force, function, germany, government technology, health care and social assistance, health information technology, healthcare information systems, higher education, hospital management, http brute force, http scanner, https, identity & access exploitation, idle, independent operation, indicator, indicators, industrial automation, industrial iot, industrial production, information technology, initial access, injection activity, iocs, iot security, it infrastructure, k-12 education, lateral movement, lockbit, lockbit affiliation, login attempt analysis, lolbins, lolbins usage, mal, malicious activity, malicious powershell activity, malicious software, malware, manufacturing technology, media, medical services, meow, mid-size enterprise, msps, multiple threat actors, nation-state activity, network attacks, network intrusion, network intrusion attempt, network probing, network protocol, network scanning, network security, no raas, non-raas, north america, oil & gas, onions, operating system, opsec, pass, patient care, pedll, peru, phishing, podaon sia, post-exploitation, power generation, power systems, privilege escalation, process injection, process manufacturing, product development, property investment, property management, protocol exploitation, psexec, public administration, public infrastructure, public policy, qilin, quality assurance, quality control, raas, ransom, ransomware, real estate, real estate development, real estate market, real estate technology, reconnaissance, red piranha, regulatory agencies, remote access, remote services, renewable energy, researched, residential real estate, retail trade, safepay, safepay ransomware, safepay ransomware activity, safepay ransomware attack, scripting attacks, service, shadow, shell, smb scanning, smbs, soar, software architecture, software development, software engineering, software exploitation, software testing, south america, ssh attack, supply chain attack, supply chain management, system disruption, t1005, t1018, t1021, t1021.001, t1021.002, t1027, t1040, t1046, t1047, t1048, t1053, t1053.005, t1055, t1059, t1059.001, t1069.001, t1070, t1071, t1071.001, t1076, t1077, t1078, t1083, t1086, t1090, t1105, t1110, t1110.002, t1133, t1135, t1140, t1190, t1202, t1203, t1204, t1204.002, t1213, t1218, t1486, t1490, t1496, t1499.002, t1499.003, t1543.003, t1547, t1547.001, t1548, t1560, t1562, t1562.001, t1563, t1565, t1566, t1566.001, t1573, t1589, t1595, t1595.001, t1595.002, t1595.003, targeted attack, tcp scanning, telnet threat, this, threat actor, tor node, ttps, ubuntu, unauthorized login attempts, united kingdom, united states, web traffic, win32 malware, windows malware, winrar
Activity Timeline: Jun 3
Threat Activity Heatmap (peak: 2026-06-03)
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Threat Score: 96 (High Risk)
Signal Score: 96
Confidence: 96%
Reports: 11
First seen: Dec 21, 2024
Last seen: Jun 3, 2026
WHOIS
- description: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- references:
  - https://www.bitdefender.com/en-us/blog/businessinsights/safepay-ransomware-attacks-ttps
  - Julypt1.pdf
  - https://redpiranha.net/news/what-is-safepay-ransomware-everything-you-need-know
  - https://www.acronis.com/en-us/tru/posts/safepay-ransomware-the-fast-rising-threat-targeting-msps/
  - https://threatview.io/Downloads/Experimental-IOC-Tweets.txt
  - https://justpaste.it/bnukk
  - https://x.com/RakeshKrish12/status/1859844498030985402
  - https://github.com/TheRavenFile/IOC/blob/main/Safepay%20Ransomware
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 11 threat reports