IOC Radar
MD5 · Medium · Signal 79/100

abe531e9f1e642c47260fac40dc41f59

Location
Ukraine
First Seen
Jul 17, 2025
Last Seen
May 12, 2026
8
Reports
source reports
79%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

89 techniques

Feed Intelligence Summary

8 reports · 79% confidence

Activity Timeline

1 total obs
May 12

Threat Activity Heatmap

Peak: 2026-05-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
79
SIGNAL
Signal Score
79%
Confidence
8
Reports
First seen: Jul 17, 2025
Last seen: May 12, 2026

VirusTotal

Not checked

WHOIS

description
PE32+ executable (GUI) x86-64, for MS Windows
references
https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware
https://www.catonetworks.com/blog/cato-ctrl-threat-research-analyzing-lamehug
https://www.logpoint.com/en/blog/apt28s-new-arsenal-lamehug-the-first-ai-powered-malware
Sep week4.pdf
https://www.splunk.com/en_us/blog/security/lamehug-ai-driven-malware-llm-cyber-intrusion-analysis.html
Aug1.pdf
Emmenhtal.pdf
https://www.bleepingcomputer.com/news/security/lamehug-malware-uses-ai-llm-to-craft-windows-data-theft-commands-in-real-time/
https://cert.gov.ua/article/6284730


IOC Journey

medium
First detected 11 months ago · Last seen 1 month ago
Appeared in 8 threat reports