SHA256MediumSignal 78/100

`c25e5f72850f5571e312043ad9bc3542e3dfa258d3e913b23900d3e46b998437`

Location

Peru

First Seen

Feb 17, 2025

Last Seen

May 15, 2026

Feb 17

First Seen

486d ago

May 15

Last Seen

35d ago

Reports

source reports

78%

Confidence

medium

Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

SHA-256 Hash

SHA-256 file hash — primary identifier for malware samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA256

Confidence

78%

Signal Score

78 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

60 techniques

Feed Intelligence Summary

7 reports78% confidence

Source reports

78%

Confidence score

Category tags

abuseactive scanningboot sector infectionbootkitbootloader attackbotnetbrute forcebypasschecks-user-inputcommand and controlcredential accesscredential stuffingcrimecvedata destructiondata encryptiondata exfiltrationdemodetect-debug-environmentdisk encryptiondiskcoder.cdistributed attacksdllenumerationeuropeexeexpetrextortionfilefile-hashftp brute forcehosthttp brute forceindicatorkernel exploitationkernel modificationlateral movementmalmalicious softwaremalwarembrmft encryptionmultiple protocolsnetwork intrusionnetwork scanningnyetyaoperating systempe filepedllperupetyapetya-like ransomwarepolandprocess injectionransomransomwarereconnaissanceremote accessremote servicesresearchedsecure boot bypasssecure boot vulnerabilitysigned executable abusesouth americassh attacksystem disruptiont1016t1021t1021.001t1036t1046t1047t1053t1053.005t1053_005t1055t1059t1059.001t1059.004t1068t1069.001t1071t1071.001t1076t1078t1106t1110t1110.002t1187t1190t1203t1211t1218_011t1485t1486t1490t1495t1496t1499.002t1499.003t1529t1542t1542.001t1542.003t1542.004t1543.003t1553t1553.001t1553.005t1560.001t1561t1561.001t1562t1562.001t1563t1564.001t1565t1574t1587.001t1587.004t1588t1588.006t1595t1595.001t1595.002t1595.003t1601t1610uefiuefi persistenceuefi ransomware attackunauthorized accessunknown threat actorvulnerabilitywin32 malwarewindows malware

Activity Timeline

1 total obs

May 15May 15

Threat Activity Heatmap

· Peak: 2026-05-15

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

78%

Confidence

Reports

First seenFeb 17, 2025

Last seenMay 15, 2026

VirusTotal

Not checked

WHOIS

description: The newly identified HybridPetya ransomware demonstrates the ability to bypass UEFI Secure Boot protections by exploiting a previously disclosed vulnerability (CVE-2024-7344).
references: https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/, https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass, Cyber Threat Advisory - New Ransomware Profile HybridPetya Ransomware Exploits UEFI Secure Boot Bypass.pdf

`c25e5f72850f5571e312043ad9bc3542e3dfa258d3e913b23900d3e46b998437`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey