IOC Radar
SHA256 · Medium · Signal 100/100

b9bba02d18bacc4bc8d9e4f70657d381568075590cc9d0e7590327d854224b32

Location
British Indian Ocean Territory
First Seen
Feb 17, 2025 (487d ago)
Last Seen
May 23, 2026 (27d ago)
13 source reports · 99% confidence · medium
Found in 13 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

106 techniques

Feed Intelligence Summary

13 source reports · 99% confidence score
Category tags
abuse, active scan, active scanning, affiliate program, akira, akira ransomware, alienvault_ransomware, anydesk, asia, bad reputation, blackcat, botnet, botnet activity, british indian ocean territory, brute force, brute force attack, brute force attacks, byovd, calls-wmi, cartel, checks-user-input, cobalt strike, cobalt strike framework, command and control, communication protocol, compromised credentials, consumer goods, conti, conti code, credential access, credential harvesting, credential stuffing, data breach, data encryption, data exfiltration, data leakage, data store exposure, data theft, detect-debug-environment, devman, distributed attacks, double extortion, dragon force, dragonforce, dragonforce ransomware, dragonforce ransomware attack, driver exploitation, encryption, endclient rat, esxi, europe, exe, executable file, exploitation, exploitation activity, extortion, fantasy hu, file, file-hash, filehash md5, filehash sha1, filehash sha256, fleet management, freight services, ftp brute force, global, god rat, gootloader, http probing, http scanner, hunters, identity & access exploitation, india, indicator, information technology, ingress tool transfer, initial access, injection activity, iot security, israel, it infrastructure, lapsus, lateral movement, linux, lockbit, lockbit code, long-sleeps, mal, malaysia, malicious software, malware, malware development, mamona, maritime transport, marks, mega, multi-extortion, multiple threat actors, network probing, network scanning, operating system, overlay, passenger transportation, password attacks, password cracking, payload, peexe, peru, phishing, phishing attack, post-exploitation, privilege escalation, process injection, qilin, raas, raas group, raas model, rail transport, ransom, ransom note, ransomhub, ransomware, ransomware cartel, ransomware deployment, ransomware multi-extortion attack, ransomware multi-extortion campaign, reconnaissance, remote access, remote services, rentdrv2.sys, researched, retail trade, royal, saudi arabia, scanning activity, scattered spider, security evasion, security software evasion, shinyhunters, smtp probing, social engineering, software development, south america, spencer, ssh attack, system discovery, system disruption, systembc, systembc malware, t1003, t1003.001, t1003.006, t1003.007, t1003.008, t1005, t1016, t1018, t1020, t1021, t1021.001, t1027, t1027.002, t1027.003, t1027.004, t1046, t1053, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1069.001, t1070, t1071, t1071.001, t1076, t1078, t1078.001, t1078.003, t1078.004, t1082, t1083, t1095, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1204, t1204.002, t1213, t1213.002, t1486, t1489, t1490, t1491, t1495.001, t1496, t1499.002, t1499.003, t1530, t1547, t1547.001, t1555, t1562, t1562.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1569, t1569.002, t1573, t1573.001, t1573.002, t1583, t1583.001, t1583.002, t1583.003, t1583.004, t1583.005, t1588, t1588.001, t1588.002, t1588.003, t1588.004, t1588.005, t1588.006, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.001, t1598.002, t1598.003, t1598.004, t1608, t1608.001, t1608.002, t1608.003, t1608.004, t1609, t1610, t1611, t1614, t1614.001, threat actor, tor node, transportation and warehousing, transportation infrastructure, transportation technology, trojan malware, truesight.sys, united kingdom, unknown malware distribution, vulnerability scan, vulnerable driver exploitation, web crawler, web traffic, white-label, white-label ransomware, win32 malware, windows malware, yara

Activity Timeline

1 total observation (May 23 to May 23)

Threat Activity Heatmap

Calendar heatmap (weekly grid, Jun through Jun, rows Mon/Wed/Fri) not reproduced · Peak: 2026-05-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 13
First seen: Feb 17, 2025
Last seen: May 23, 2026

VirusTotal

Not checked

WHOIS

Description: SHA256 of 29baab2551064fa30fb18955ccc8f332bd68ddd4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 27 days ago
Appeared in 13 threat reports