SHA256 · Medium · Signal 91/100
c1c513bc9273af2a1fffe7e27abf274746e8bf94adec8fa57568e377ced3b1a6
First Seen
Apr 18, 2026
Last Seen
Apr 18, 2026
Found in 3 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 reports · 91% confidence
3
Source reports
91%
Confidence score
Category tags
ahead, botnet activity, dns attack, doctype html, elite, email, file-hash, global, googlebot, googlebot index, href, https, indicator, layer protocol, meta, mitre attack, motherless, network info, next, outlook, overview zenbox, performs dns, phishing, processes extra, ransomware, researched, rta description, script, t1055, t1055 process, t1071, t1095, t1573, title, tracker, verdict, z233
Activity Timeline
Apr 18 to Apr 18
Threat Activity Heatmap
Peak: 2026-04-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC) represents a significant and high-severity threat to organizational security. Its presence within the environment strongly suggests an active compromise by a sophisticated threat actor. Specifically, this SHA256 hash is directly associated with the "el dorado" ransomware group, known for its destructive ransomware and doxing operations. If this IOC is detected, it indicates that a malicious payload potentially linked to data exfiltration, system encryption, or …
Threat Score: High Risk
91
SIGNAL
Signal Score
91%
Confidence
3
Reports
First seen: Apr 18, 2026
Last seen: Apr 18, 2026
VirusTotal
Not checked
WHOIS
- description
- CDFV2 Microsoft Outlook Message
- references
- https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480788&Signature=GKnoamXxZLyFfntMDXBWi2gnSzHRWJJRZPaofPOvzgQF6ygdQKEJpX4eJ2AASUeDQ3L4AO7Os%2FgNOl0CeG5%2FN9aVgljvd3WBiA8ZTwba5tFflRJKWcwOA5l4osDG6BDtNNiE8hqlOPhwMa4lIHfx8LNSu8B%2Fbm0n7Y28iDLdwSs9GCpFCVriebOwI1VNCU3BxzR0lKHa1DH6ijmLa6nxX4TOwNTZ47Os2KLel2k0E0K7sedhXKjWD1rz, https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480900&Signature=juTMRwWs%2FTJqrDMvBJfYmPzSfXx4a%2F31AjChMKGg%2FigOb2ayCytmhgn%2FfGStvobwbbyL9t1dHYxFX0QZz%2F4zM3vebhPQPBm0BElUabRpjfY6q01wMlTu3q5T5uw1sSchvwR7n0H4t%2FnoMPiFRXns84ZWvQeTTNJYKtg5P29B6CE%2BbXfGQ%2FTKhS9ZR8bI09EyLS2y3Ob3boKLMZ4MNvq6nLIHO2373XOpgfJhsBQej6xZ8%2BlIe0T4
IOC Journey
medium · First detected 2 months ago · Last seen 2 months ago
Appeared in 3 threat reports