SHA256 · Medium · Signal 75/100
b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0
First Seen: Jul 27, 2025
Last Seen: Jun 22, 2026
Found in 8 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
SHA-256 Hash: SHA-256 file hash, the primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Feed Intelligence Summary: 8 source reports, 75% confidence score.
Activity Timeline: Jun 22.
Threat Activity Heatmap: peak 2026-06-22.
Activity counts: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 1 (Minimal); 3mo: 1 (Minimal).
Threat Score: 75 (High Risk)
Signal Score: 75
Confidence: 75%
Reports: 8
First seen: Jul 27, 2025
Last seen: Jun 22, 2026
VirusTotal: Not checked
Description: PE32+ executable (console) x86-64, for MS Windows
References:
- https://unit42.paloaltonetworks.com/ak47-activity-linked-to-sharepoint-vulnerabilities/
- https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/
- Aug1.pdf
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#indicators-of-compromise
- Emmenhtal.pdf
- https://cybersecuritynews.com/chinese-hackers-exploit-sharepoint-vulnerabilities/
IOC Journey (medium confidence): first detected 11 months ago, last seen 11 days ago; appeared in 8 threat reports.