IOC Radar
SHA1 · Medium confidence · Signal 100/100

cb704d2e8df80fd3500a5b817966dc262d80ddb8

Location: India
First Seen: Mar 25, 2022 (1535d ago)
Last Seen: Jun 1, 2026 (6d ago)
Reports: 11 source reports
Confidence: 99% (medium)
Found in 11 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
SHA-1 Hash: SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 62 techniques

Feed Intelligence Summary

Source reports: 11 · Confidence score: 99%

Category tags: .louis extension, abuse, account discovery, account profiling, account takeover, active related, active scan, active scanning, added active, adfind, ahnlab, ahnlab security, akira, alienvault_ransomware, asec, ashen lepus, asia, autoit, automotive manufacturing, av killers, backdoor, bad reputation, banking, bert, bert ransomware, bitcoinaddress, bits, bjorka, blackbasta, botnet activity, brazil, brute force, calls-wmi, center, checks-user-input, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, code execution, code injection, coinminer, command and control, command execution, conti, countrycn sep, credential access, credential dumping, credential harvesting, credential stuffing, credit card services, cross-platform ransomware, cryptocurrency, cyber threats, cybercrime forums, dark web, dark web activity, data breach, data breaches, data encryption, data exfiltration, data store exposure, database leak, database leaks, deep web, defense evasion, demo, desktop, detect-debug-environment, digital payments, download page, downloader, dropper, electronic health records, electronics manufacturing, encryption, esxi, eu cyber policies, europe, everest, everest ransomware, exe, executable file, exfiltration, exploitation activity, extortion, file-hash, finance, financial services, financial technology, find, germany, guloader, hacking tools, havoc, health care and social assistance, health information technology, healthcare information systems, hospital management, http attack, hybrid, identity & access exploitation, india, indicator, indicators show, indonesia, industrial automation, industrial iot, industrial production, information security, information technology, infostealer, infrastructure acquisition reconnaissance, initial access, injection activity, input validation bypass, inside, iocs, iot security, ipv4, issues related, it infrastructure, lateral movement, lazagne, learn, learn more, linux, lokibot, long-sleeps, luca stealer, main page, makop, makop ransomware, malicious activity, malicious links, malicious powershell activity, malicious software, malware, malware infections, manufacturing technology, masscan, medical services, medusalocker, multi-cloud management, netpass, netscan, news, nlbrute, operating system, overlay, path traversal, patient care, payload delivery, payment processing, peexe, peru, phishing, phishing attack, phishing attacks, phobos, privilege escalation, process injection, process manufacturing, protect, pulses, pulses url, python malware, qilin, qmark, quality control, quick heal, ransom demand, ransom demands, ransomhub, ransomware, ransomware activity, ransomware attacks, rdp exploitation, reconnaissance, regional security, related pulses, remote access, remote services, reports, researched, revil, rhysida, role title, scan, scanner, scanning activity, scripting attacks, search, service scan, small, social engineering, software development, software exploitation, south america, south korea, stop, summary, suomi, supply chain attack, supply chain management, svhost, system disruption, t1003, t1005, t1021, t1021.001, t1027, t1048, t1053, t1053.005, t1055, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.006, t1068, t1069.001, t1071, t1071.001, t1074, t1076, t1078, t1078.002, t1083, t1086, t1105, t1110, t1110.002, t1133, t1190, t1203, t1204.001, t1204.002, t1219, t1485, t1486, t1489, t1490, t1491.001, t1499.001, t1543.003, t1547, t1548, t1548.002, t1560, t1562, t1562.001, t1562.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1573, t1587.001, t1590.001, t1592, t1595.001, t1595.002, t1595.003, threat actor, title added, tool, tor node, trend micro, trend micro report, trend vision, type indicator, types, upx, veeam, vhash, via-tor, vision one, voice, vulnerability scan, wealth management, web application attack, web application exploitation, web security, win32 malware, windows, windows malware, xloader, xmrig, xmrig coinminer, zdata0

Activity Timeline: 1 total observation (Jun 1)

Threat Activity Heatmap (Jun to Jun, weekly grid) · Peak: 2026-06-01

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a significant and immediate threat to organizational security, demanding urgent attention and comprehensive mitigation. The IOC, a SHA1 hash with a critical score of 100.0, indicates by its presence within the environment a high probability of compromise by sophisticated adversaries. It is directly linked to prominent ransomware groups such as Blackbasta, Akira, Rhysida, Qilin, Conti, and Ransomhub, as well as the APT group Roaming Mantis. Det…

Threat Score: 100 (High Risk)
Signal Score: 100
Confidence: 99%
Reports: 11
First seen: Mar 25, 2022
Last seen: Jun 1, 2026

VirusTotal: Not checked

WHOIS

description: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 4 years ago · Last seen 6 days ago
Appeared in 11 threat reports