SHA256HighVerifiedSignal 62/100
bed8d1752a12e5681412efbb8283910857f7c5c431c2d73f9bbc5b379047a316
Location
ItalyFirst Seen
Mar 18, 2026
Last Seen
May 21, 2026
Found in 7 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
7 reports62% confidence
7
Source reports
62%
Confidence score
Category tags
abuseabuse_ch_hashactiveads renameafricaagricultural supply chainagricultural technologyagriculture, forestry, fishing and huntingalienvault_ransomwareanalysis: reverse engineeringapiaptasiababukbad reputationbotnetbotnet activitybreachbrute forcebusiness servicescanadacastleratchacha20chacha20 noncechatchlg urlcommercial real estatecommunication technologiesconsumer servicescredential harvestingcredential stuffingcrop productioncryptocurrencyctidatadata encryptiondata exfiltrationdata store exposuredetect-debug-environmentdouble extortionegyptelectronic health recordselfemailencryptionenergyenergy distributioneraseeuropeexecutable fileexploitation activityextortionfacilities managementfake claude codefarmingfile-hashfilesfinance and insurancefinancial servicesfirstfood productionganggermanygrouphealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationimpact: data theftindicatorinfostealeringress tool transferinjection activityiocirelanditalyjapanjulienjulien mousquetonkillleakleak blogleak siteliftlinuxlinux variantlivestock managementmalicious linksmalicious softwaremalwaremalware type: cryptowaremalware type: ransomwaremedical servicesmexicomobile carriersmobile networksmonitormonitoringmutexmutex iocneshtanitrogennorth americaoil & gasoperating systemoperation ghostmailpatient carepayloadpayload ransomwarepayload ransomware groupphilippinesphishingphishing attackplatform: linuxplatform: windowspostpower generationpower systemsprecision agricultureprocess injectionproperty investmentproperty managementq2 artificialqatarransomransomwareransomware activityratrc4 routinereal estatereal estate developmentreal estate marketreal estate technologyrenewable energyresearchedresidential real estatereverseengineeringrockrssscams & fraudschoolsingaporesocsocial engineeringsouth americaspainsri lankastreamstrongsupply chain attacksustainable agriculturesystem disruptiont1005t1007t1021.001t1022t1027t1041t1055t1057t1059t1069.001t1070.001t1070.004t1071t1071.001t1074t1078t1083t1105t1106t1204.001t1204.002t1480t1486t1489t1490t1497.003t1518.001t1547t1560t1560.001t1562.001t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1589telecomtelecom servicestelecommunicationsthirdthreat actortor leaktor networktor nodetrackertraveltrojan malwarettpsttps matrixunited statesunk_nightowlvictimvulnerability scanweb securitywindowswindows binarywindows malwareyara
Activity Timeline
May 21May 21
Threat Activity Heatmap
· Peak: 2026-05-21LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
7
Reports
First seenMar 18, 2026
Last seenMay 21, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- A guide to the Infostealer ransomware group, which was discovered in 2026 and claimed 12 victims in seven countries within hours, has been published by the BBC's Newsround website.
- references
- IOCs.2026.4.csv, https://www.derp.ca/research/payload-ransomware-babuk-derivative/#ioc-summary, https://www.derp.ca/research/payload-ransomware-babuk-derivative/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 2 months ago · Last seen 20 days ago
Appeared in 7 threat reports