IOC Radar
SHA256 · medium · Signal 75/100

b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0

Location
Peru
First Seen
Jul 27, 2025
Last Seen
Jun 22, 2026
Reports: 8 source reports
Confidence: 75% (medium)
Found in 8 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Type: SHA-256 Hash (SHA-256 file hash — primary identifier for malware samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 108 techniques (IDs listed with the category tags below)
Feed Intelligence Summary
Source reports: 8
Confidence score: 75%
Category tags
abuse, active scanning, added active, ak47, ak47 group, ak47 ransomware, ak47c2, ak47c2 backdoor, ak47c2 framework, antivirus terminator, apt, asia, backdoor, black basta, botnet, brute force, byovd technique, c2, canada, china, china-based threat actor, chinese apt, civil services, command and control, command execution, communication protocol, communication technologies, conti, credential access, credential stuffing, custom malware, cve, data encryption, data exfiltration, detect-debug-environment, distributed attacks, dll hijacking, dll hijacking technique, dropper, emmenhtal loader, endpoint protection bypass, enterprise security, europe, exe, exploit, exploitation, extortion, figure, file, file-hash, ftp brute force, germany, government technology, http scanner, iis, iis backdoor, iisbackdoor, indicator, infrastructure acquisition reconnaissance, initial access, initial compromise, initial infection, io control, ioc, iocs, ipv4, lateral movement, loader, lockbit, lockbit 3.0, lockbit black, lockbit black ransomware, mal, malicious powershell activity, malicious software, malware, malware analysis, malware delivery, malware distribution, malware loader activity, microsoft sharepoint, middle east, mobile carriers, mobile networks, multiple protocols, network probing, networks unit, north america, ntlm, observed hash, operating system, palo alto, patch management, payload delivery, payload download, peexe, peru, privilege escalation, process injection, project ak47, psexec, public administration, public infrastructure, public policy, ransomware, ransomware operation, ransomware operations analysis, rce, reconnaissance, regulatory agencies, remote access, remote code execution, remote services, researched, role title, ryuk, script, scripting attacks, search, sharepoint exploitation, sharepoint vulnerability exploitation, software vulnerabilities, source, south america, spain, ssh attacks, storm-2603, storm2603, storm2603 c2, storm2603 iis, system disruption, telecom services, telecommunications, the ak47, threat actor analysis, tools, toolshell, type indicator, vulnerability, warlock, warlock client, warlock ransomware, web shell, web traffic, win32 malware, windows malware, windows tools abuse

MITRE ATT&CK technique IDs (108)
T1003, T1003.001, T1016, T1020, T1021, T1021.001, T1021.002, T1027, T1030, T1033, T1036, T1036.004, T1041, T1046, T1047, T1053, T1053.005, T1055, T1057, T1059, T1059.001, T1059.003, T1059.004, T1059.005, T1068, T1069.001, T1070, T1070.001, T1070.002, T1070.003, T1071, T1071.001, T1071.004, T1076, T1078, T1078.002, T1082, T1083, T1086, T1090, T1090.001, T1105, T1110, T1110.002, T1110.003, T1112, T1114, T1114.001, T1120, T1132, T1132.001, T1133, T1189, T1190, T1199, T1203, T1204, T1204.002, T1210, T1218.011, T1486, T1489, T1490, T1496, T1499.002, T1499.003, T1505, T1505.003, T1543.001, T1547, T1547.001, T1547.009, T1555, T1555.003, T1562, T1563, T1565, T1566, T1566.001, T1567, T1567.002, T1569, T1569.002, T1573, T1573.001, T1573.002, T1574.002, T1583, T1583.001, T1584, T1584.004, T1587.001, T1589, T1590.001, T1592, T1592.001, T1595, T1595.001, T1595.002, T1595.003, T1598, T1598.003, T1602, T1602.001, T1608, T1608.001, T1610, T1612

Activity Timeline
1 total observation (Jun 22)

Threat Activity Heatmap (Jun 2025 to Jun 2026) · Peak: 2026-06-22
Observations by window
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (Signal Score 75, Confidence 75%, 8 reports; first seen Jul 27, 2025, last seen Jun 22, 2026)

VirusTotal: not checked

WHOIS

description: PE32+ executable (console) x86-64, for MS Windows

references:
https://unit42.paloaltonetworks.com/ak47-activity-linked-to-sharepoint-vulnerabilities/
https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/
Aug1.pdf
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#indicators-of-compromise
Emmenhtal.pdf
https://cybersecuritynews.com/chinese-hackers-exploit-sharepoint-vulnerabilities/
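The hash and the description field are the two things an analyst actually pivots on with a record like this, so here is an added worked example (written for this page; not code from IOC Radar, Unit 42, Check Point or Microsoft) that hashes a file, matches it against this record's SHA-256, and parses the PE headers to reproduce the same libmagic-style description, so that a hash hit can be sanity-checked against the recorded file type and a mislabeled record spotted. The header offsets follow the PE/COFF layout; the header-only sample the script builds is constructed for the example and is not a real binary. It assumes Python 3 with only the standard library. Keep in mind that a SHA-256 matches exactly one byte sequence: a repacked or recompiled build of the same tool hashes differently, so this indicator gives no coverage beyond the one sample, and the behavioural TTPs in the referenced reports are where broader detection comes from.

```python
# Added example, not part of the IOC Radar record. Standard library only.
import hashlib
import os
import struct

# SHA-256 from the IOC Radar record above.
IOC_SHA256 = {"b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0"}
# Description field from the record, used to cross-check a hash hit.
RECORD_DESCRIPTION = "PE32+ executable (console) x86-64, for MS Windows"

PE_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
MACHINE = {0x014C: "Intel 80386", 0x8664: "x86-64", 0xAA64: "Aarch64"}
SUBSYSTEM = {2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256, the identifier this record is keyed on."""
    return hashlib.sha256(data).hexdigest()


def pe_summary(data: bytes):
    """Parse just enough of the PE headers to classify the image.
    Returns None when the bytes are not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    if opt_size < 70 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "format": PE_MAGIC.get(magic, "unknown(0x%x)" % magic),
        "machine": MACHINE.get(machine, "0x%04x" % machine),
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "dll": bool(chars & IMAGE_FILE_DLL),
    }


def describe(summary) -> str:
    """Render the summary in the form the record's description field uses."""
    kind = "DLL" if summary["dll"] else "executable"
    return "%s %s (%s) %s, for MS Windows" % (
        summary["format"], kind, summary["subsystem"], summary["machine"])


def triage(data: bytes, iocs=IOC_SHA256):
    """Hash the bytes, match against the IOC set, and check whether the file
    type agrees with the record. A hash hit whose type disagrees with the
    record means the record or the sample is mislabeled and needs a second look."""
    digest = sha256_bytes(data)
    summary = pe_summary(data)
    description = describe(summary) if summary else None
    return {
        "sha256": digest,
        "ioc_match": digest in iocs,
        "description": description,
        "type_matches_record": description == RECORD_DESCRIPTION,
    }


def scan_tree(root: str, iocs=IOC_SHA256):
    """Walk a directory and return every file whose SHA-256 is a known IOC,
    hashing in chunks and classifying from the first 4 KiB of headers."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                head = f.read(4096)
                h.update(head)
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            if h.hexdigest() in iocs:
                s = pe_summary(head)
                hits.append({"path": path, "sha256": h.hexdigest(),
                             "description": describe(s) if s else None})
    return hits


def build_minimal_pe(machine=0x8664, magic=0x20B, subsystem=3) -> bytes:
    """Constructed sample for this example: a header-only PE image with no
    sections. It cannot run and is not malware; it only exercises pe_summary."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(240 if magic == 0x20B else 224)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    # Characteristics 0x0022: EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0022)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_minimal_pe()
    # Type matches the record, but the hash does not: ioc_match is False.
    print(triage(sample))
    # Same bytes matched against their own hash: ioc_match is True.
    print(triage(sample, {sha256_bytes(sample)}))
```

Point scan_tree at a directory of quarantined or suspect files; each hit comes back with its path, hash and header-derived description, which for this record should read PE32+ executable (console) x86-64. A hit with any other description is worth re-checking before it is acted on, which is exactly the kind of verification the confidence note on this page asks for.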


IOC Journey
Confidence: medium. First detected 11 months ago (Jul 27, 2025), last seen 11 days ago (Jun 22, 2026). Appeared in 8 threat reports.