IOC Radar
MD5 · Medium · Signal 98/100

b365af317ae730a67c936f21432b9c71

Location: Peru
First seen: Oct 3, 2021 (1716d ago)
Last seen: Jun 4, 2026 (11d ago)
Reports: 9 source reports
Confidence: 98% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 98%
Signal Score: 98 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 86 techniques
Feed Intelligence Summary
Source reports: 9
Confidence score: 98%
Category tags

Activity Timeline
1 total observation (Jun 4)

Threat Activity Heatmap (calendar view, Jun through Jun) · Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal score: 98
Confidence: 98%
Reports: 9
First seen: Oct 3, 2021
Last seen: Jun 4, 2026

VirusTotal: Not checked

WHOIS
description: PE32+ executable (GUI) x86-64, for MS Windows
references:
https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses
https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
Book2.csv
Book1.csv
https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/
https://labs.inquest.net/iocdb
Julypt1.pdf
Cyber Threat Advisory - BERT Ransomware Hits Global Victims with Fast Encryption.pdf

IOC Journey
Confidence: medium
First detected 4 years ago · Last seen 11 days ago
Appeared in 9 threat reports