IOC Radar
SHA256MediumSignal 91/100

c3d695ba5dfe3f9636d2975b40f043e391207077411f2b8e56154273d3db4c1b

First Seen
Apr 18, 2026
Last Seen
Apr 18, 2026
Apr 18
First Seen
59d ago
Apr 18
Last Seen
59d ago
3
Reports
source reports
91%
Confidence
medium
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

8 techniques

Feed Intelligence Summary

3 reports91% confidence
3
Source reports
91%
Confidence score
Category tags
aheadbotnet activitybrute forcecalls-wmicredential harvestingcredential stuffingdns attackdoctype htmleliteemailfile-hashglobalgooglebotgooglebot indexhrefhttpsidentity & access exploitationindicatorlayer protocolmetamitre attackmotherlessnetwork infonextoutlookoverview zenboxperforms dnsphishingprocesses extraransomwareresearchedrta descriptionscriptsocial engineeringt1055t1055 processt1071t1095t1566.001t1566.002t1566.003t1566.004t1573titletrackerverdictz233

Activity Timeline

1 total obs
Apr 18Apr 18

Threat Activity Heatmap

· Peak: 2026-04-18
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), a specific SHA-256 hash, represents a critical threat to organizational security. With a high threat score of 90.93 and no whitelist status, it is strongly associated with the "el dorado" ransomware group, known for its destructive capabilities. The presence of this hash within the environment suggests an active or attempted compromise involving sophisticated techniques such as process injection and encrypted command and control channels. If left unaddressed, …

Threat ScoreHigh Risk
91
SIGNAL
Signal Score
91%
Confidence
3
Reports
First seenApr 18, 2026
Last seenApr 18, 2026

VirusTotal

Not checked

WHOIS

description
CDFV2 Microsoft Outlook Message
references
https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480788&Signature=GKnoamXxZLyFfntMDXBWi2gnSzHRWJJRZPaofPOvzgQF6ygdQKEJpX4eJ2AASUeDQ3L4AO7Os%2FgNOl0CeG5%2FN9aVgljvd3WBiA8ZTwba5tFflRJKWcwOA5l4osDG6BDtNNiE8hqlOPhwMa4lIHfx8LNSu8B%2Fbm0n7Y28iDLdwSs9GCpFCVriebOwI1VNCU3BxzR0lKHa1DH6ijmLa6nxX4TOwNTZ47Os2KLel2k0E0K7sedhXKjWD1rz, https://vtbehaviour.commondatastorage.googleapis.com/22e702fc31752b1ff0ca59efb58d943282dff34b9e8ce61867d8c831b0d8de35_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776480900&Signature=juTMRwWs%2FTJqrDMvBJfYmPzSfXx4a%2F31AjChMKGg%2FigOb2ayCytmhgn%2FfGStvobwbbyL9t1dHYxFX0QZz%2F4zM3vebhPQPBm0BElUabRpjfY6q01wMlTu3q5T5uw1sSchvwR7n0H4t%2FnoMPiFRXns84ZWvQeTTNJYKtg5P29B6CE%2BbXfGQ%2FTKhS9ZR8bI09EyLS2y3Ob3boKLMZ4MNvq6nLIHO2373XOpgfJhsBQej6xZ8%2BlIe0T4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 3 threat reports