IOC Radar
SHA256 · Medium · Signal 100/100

bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4

Location: Peru
First Seen: Oct 1, 2021 (1732d ago)
Last Seen: Jun 4, 2026 (25d ago)
Reports: 15 source reports
Confidence: 99% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash: SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 102 techniques

Feed Intelligence Summary

Source reports: 15
Confidence score: 99%

Category tags:
abuse, active directory, active scan, active scanning, akira, akira iocs, akira ransomware attack, alienvault_ransomware, anydesk, application layer protocol, ashen lepus, asia, asns, attack, authentication, authentication attempts, authentication brute force, automotive manufacturing, av killers, backup destruction, bad reputation, banking, bert, bert ransomware, bitcoinaddress, bits, blackbasta, botnet, botnet activity, brazil, brute force, brute force attack, brute force attacks, brute force attempts, cisa kev, cisco asa, cloud, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, cobalt strike, cobaltstrike, code, code execution, code injection, command and control, command execution, communication protocol, compromised credentials, consumer goods, conti, core, credential access, credential brute forcing, credential dumping, credential harvesting, credential stuffing, credential theft, credit card services, cross-platform ransomware, cryptocurrency, data encryption, data exfiltration, data store exposure, ddos, defense evasion, demo, denial of service, desktop, detect-debug-environment, dictionary attack, direct-cpu-clock-access, distributed attacks, double extortion, electronic health records, electronics manufacturing, encryption, enumeration, enumeration activity, esxi, eu cyber policies, europe, exfiltration, exploit avaliable, exploitation, exploitation activity, exploitation attempts, extortion, file-hash, finance, finance and insurance, financial services, financial technology, find, ftp, ftp brute force, germany, guloader, hacking tools, havoc, health care and social assistance, health information technology, healthcare information systems, hospital management, hostname, hostname enumeration, http brute force, http scanner, https, hybrid, hyperv, identity & access exploitation, idle, imap, imap brute force, impact, in the wild, india, indicator, indonesia, industrial automation, industrial iot, industrial production, information gathering, information technology, infostealer, ingress tool transfer, initial access, injection activity, inside, intrusion detection, invalid login attempts, ioc, iot security, it infrastructure, kali, known hostnames, lateral movement, lazagne, learn, legit, linux, login attempt, login attempts, login brute force, lokibot, long-sleeps, luca stealer, makop, makop ransomware, malicious activity, malicious download, malicious network activity, malicious powershell activity, malicious software, malware, malware distribution, manufacturing technology, masscan, medical, medical services, medusalocker, mfa bypass, multi-cloud management, multiple threat actors, netpass, netscan, network activity, network attacks, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, news, nlbrute, operating system, overlay, pass, password attack, password attacks, patient care, payment processing, peexe, peru, phishing, phobos, pingcastle, play ransomware, pop3 brute force, potential credential compromise, potential intrusion, powershell, privilege escalation, process injection, process manufacturing, protect, protocol exploitation, psexec, python malware, qilin, quality control, quick heal, ransom demand, ransom note dropped, ransomhub, ransomware, rdp exploitation, reconnaissance, regional security, remote access, remote access attempts, remote services, reports, researched, retail trade, revil, rhysida, runtime-modules, scanner, scanning activity, scripting attacks, security operations, service discovery, service enumeration, service scan, signed, small, smb brute force, smb scanning, smtp, smtp brute force, software development, software exploitation, source, south america, ssh attack, ssl vpn, stop, suomi, supply chain attack, supply chain management, suspected compromise, syn scan, system disruption,
t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1046, t1048, t1053, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1068, t1069.001, t1070, t1071, t1071.001, t1076, t1077, t1078, t1078.002, t1082, t1083, t1086, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1113, t1133, t1136, t1187, t1190, t1199, t1203, t1204, t1204.002, t1210, t1213, t1218, t1485, t1486, t1490, t1491, t1491.001, t1496, t1497, t1499.001, t1499.002, t1499.003, t1539, t1543.003, t1547, t1548, t1548.002, t1552.001, t1555, t1560, t1561, t1562, t1562.001, t1562.004, t1563, t1565, t1566, t1567, t1569.002, t1588, t1589, t1589.001, t1589.002, t1589.003, t1590, t1590.001, t1590.002, t1590.003, t1590.004, t1590.005, t1592, t1592.001, t1592.002, t1592.003, t1592.004, t1595, t1595.001, t1595.002, t1595.003,
ta machine, tcp protocol, tcp scan, tcp scanning, telnet, threat, threat actor, threat intelligence, tor node, trend micro, trend micro report, trend vision, udp scan, unauthorized access, unauthorized access attempt, united kingdom, valid accounts, veeam, via-tor, vision one, vnc protocol, voice, vpn, vpn exploitation, vpn kali, vulnerability, vulnerability scan, wealth management, web traffic, win32 malware, windows, windows malware, windows systems targeted, winrar, winscp, xloader, zensec

Activity Timeline

1 total observation (Jun 4)

Threat Activity Heatmap

[Weekly activity heatmap, Jun through Jun of the following year; a single observed day] · Peak: 2026-06-04

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 15
First seen: Oct 1, 2021
Last seen: Jun 4, 2026

VirusTotal

Not checked

WHOIS

description: PE32+ executable (GUI) x86-64, for MS Windows
references:
  https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses
  https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/
  https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
  Book2.csv
  Book1.csv
  https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/
  https://labs.inquest.net/iocdb
  Julypt1.pdf
  Cyber Threat Advisory - BERT Ransomware Hits Global Victims with Fast Encryption.pdf

IOC Journey

Confidence: medium
First detected 4 years ago · Last seen 25 days ago
Appeared in 15 threat reports