SHA1 · High · Verified · Signal 57/100
c0cfb830b8f1d990e3836e0bcc786e7972c9ed62
Location
First Seen
Apr 25, 2021
Last Seen
Feb 2, 2026
Found in 5 reports. Confidence: high. Confidence scores are heuristic; verify before acting on results.
SHA-1 Hash: SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 source reports · 57% confidence score
Category tags
Activity Timeline: Feb 2
Threat Activity Heatmap (peak: 2026-02-02)
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: 57 (Medium Risk)
Signal Score: 57
Confidence: 57%
Reports: 5
First seen: Apr 25, 2021
Last seen: Feb 2, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- description: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
- references
- http://remote.edikamin.com/, http://flat.trafficadvance.net/AccessMySOL.IVRMobileEntra?D=10927&C=7&MP=41%7C, http://deposito.hostance.net/dialer/, Found in Alt YouTube = Titled ‘watch’ | Infected System uploads to YT, Domains Contacted:Wealthy2019.com.strangled.net • wealth.warzonedns.com • wealthyme.ddns.net, DYNAMIC_DNS Query to a *.strangled .net Domain 192.168.122.91 1.1.1.1 • DNS Query to DynDNS Domain *.ddns .net, Observed DNS Query to a *.warzonedns .com domain - Likely Hostile 192.168.122.91 1.1.1.1, simswap.in (possible Mirai or relationship to), http://[email protected]/, 91.229.22.126, https://kgp.poczta.policja.gov.pl/mail/848189N.nsf/0/undefined/$File/Wpis1.jpg?OpenElement&FileName=Wpis1.jpg&cdafn, podszywanie sie i przywlaszczenie tozsamosci.pdf, https://www.virustotal.com/graph/gf34facc3e02443c08083040f0af890b75ee78d3e132c4fd69d0c3eddf9db51ac, stixreport-a8c68234139611e2aaa27b2efdfa7460.json, report-a8c68234139611e2aaa27b2efdfa7460.ioc
IOC Journey
High · First detected 5 years ago · Last seen 4 months ago
Appeared in 5 threat reports