IOC Radar
SHA256 · High · Verified · Signal 100/100

ac00dd7d54764e0389de434f3203c2a3384d2ffcc20615f40f09c4c0646c8d3f

Location
Russian Federation
First Seen
Apr 25, 2021
Last Seen
Feb 28, 2026
Found in 6 reports. Confidence: high. Confidence scores are heuristic; verify before acting on results.
SHA-256 Hash: SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 80 techniques
Feed Intelligence Summary

6 source reports, 99% confidence score.

Category tags:
abuse; active scanning; attack; automotive manufacturing; avemariarat; babuk; backdoor; bitrat; black basta; botnet; brute force; cain; calls-wmi; civil services; cobalt; cobalt strike; cobaltstrike; cobint; cobint backdoor; code execution; command and control; command execution; credential access; credential harvesting; credential stuffing; cve; data encryption; data exfiltration; data theft; database security; detect-debug-environment; distributed attacks; electronics manufacturing; emotet; energy; energy distribution; europe/asia; exploit; exploitation attempts; extortion; file; file-hash; ftp; government technology; head mare; high; hktl; indicator; industrial automation; industrial iot; industrial production; infostealer; infrastructure sharing; injection attacks; iocs; known malicious; lateral movement; lockbit; lockbit 3.0; long-sleeps; malicious activity; malicious powershell activity; malicious software; malware; manufacturing technology; medium; mexico; network intrusion; network probing; network scanning; network service scanning; north america; oil & gas; palestine, state of; phantomjitter; phishing attack; power generation; power systems; privilege escalation; process injection; process manufacturing; ps1; public administration; public infrastructure; public policy; qakbot; quality control; quasar; raas; ransomware; reconnaissance; regulatory agencies; remote access; remote services; renewable energy; researched; revisar correo; russia; russian federation; script; scripting attacks; social engineering; software exploitation; source; ssh attack; supply chain management; susp; system disruption; t1003; t1003.001; t1003.005; t1012; t1016; t1016.001; t1018; t1021; t1021.001; t1021.002; t1027; t1027.005; t1033; t1041; t1047; t1049; t1053; t1055; t1056; t1057; t1059; t1059.001; t1059.003; t1059.007; t1059_001; t1068; t1069; t1070; t1071; t1071.001; t1076; t1078; t1078.002; t1082; t1083; t1086; t1087; t1105; t1110; t1110.002; t1112; t1133; t1135; t1189; t1190; t1195; t1199; t1203; t1204; t1204.002; t1210; t1213; t1486; t1490; t1496; t1499.002; t1499.003; t1505; t1543; t1547; t1553; t1562; t1563; t1565; t1566; t1566.001; t1566.002; t1566.003; t1569; t1569.002; t1573; t1583; t1584; t1588; t1590; t1591; t1592; t1595; t1595.001; t1595.002; t1595.003; threat actor; trickbot; true filemd5; true filesha1; true filesha256; twelve; url-pattern; vulnerability; web attack; web exploitation

Activity Timeline

1 total observation (Feb 28)

Threat Activity Heatmap

Peak: 2026-02-28. (Month-by-month heatmap grid, Jun through the following Jun, not reproduced.)

Recent observation counts: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 6
First seen: Apr 25, 2021
Last seen: Feb 28, 2026
Verified IOC

VirusTotal: Not checked

WHOIS

description: Unicode text, UTF-8 (with BOM) text, with very long lines (504u)
references: https://securelist.com/head-mare-twelve-collaboration/115887/, CustomTiIndicators.20220726.191851.csv

IOC Journey

high · First detected 5 years ago · Last seen 4 months ago · Appeared in 6 threat reports