IOC Radar
SHA256 · Medium · Signal 99/100

c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40

Location
Peru
First Seen
Oct 30, 2023
Last Seen
May 11, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

45 techniques

Feed Intelligence Summary

11 reports · 99% confidence
Category tags
abuse, active scan, aes256, affiliate program, alphv, asahi, bad reputation, black basta variant, blackcat, botnet, botnet activity, brute force, chacha20, checks-user-input, command and control, command execution, credential access, credential harvesting, credential stuffing, credential theft, crime, data encryption, data exfiltration, data leak, data store exposure, data theft, defense evasion, detect-debug-environment, distributed attacks, domain, double extortion, email, encryption, eskaton, exe, executable file, exploitation activity, extortion, file, file-hash, genian, golang, golden dawn, identity & access exploitation, idle, impact, indicator, initial access, injection activity, ipv4 cidr, lateral movement, lockbit, mal, malicious powershell activity, malicious software, malware, operating system, payment demand, pedll, peru, phishing, phishing attack, powershell, privilege escalation, process injection, qilin, qilin ransomware, qilin ransomware activity, qilin ransomware infection, raas, ransom, ransomhub, ransomware, remote services, researched, rust, scripting attacks, service, social engineering, south america, susp, system disruption, t1003, t1005, t1021, t1021.001, t1027, t1041, t1047, t1053, t1055, t1059, t1059.001, t1068, t1069.001, t1071, t1071.001, t1078, t1082, t1086, t1087.001, t1105, t1124, t1133, t1134, t1190, t1204.002, t1486, t1489, t1490, t1491.001, t1496, t1499.002, t1499.003, t1530, t1547, t1547.001, t1547.004, t1548.002, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1573, t1587.001, threat actor, tor node, vulnerability scan, win32 malware, windows, windows malware

Activity Timeline

1 total obs
May 11

Threat Activity Heatmap

Peak: 2026-05-11
24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Threat Score: High Risk · Signal Score 99

VirusTotal

Not checked

WHOIS

description
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
references
https://blog.qualys.com/vulnerabilities-threat-research/2025/06/18/qilin-ransomware-explained-threats-risks-defenses, https://www.genians.co.kr/blog/threat_intelligence/qilin, AGENDA-Qilin Ransomware Group IOCs.pdf, Agenda Ransomware File Name IOCs.pdf, Agenda Ransomware Detection Name IOCs.pdf, Blocked-indicators-67435cce.csv

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 11 threat reports