SHA256HighVerifiedSignal 48/100
d1626c35ff69e7e5bde5eea9f9a242713421e59197f4b6d77b914ed46976b933
Location
First Seen
Aug 27, 2025
Last Seen
Oct 29, 2025
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
6 reports48% confidence
6
Source reports
48%
Confidence score
Category tags
active scanningadversary-in-the-middleaitm attackaptauthentication attacksbackdoorbackdoor implantblockbotnetbrute forcebrute force attackc2 communicationc2 ipc2 ip ioccaptive portalcaptive portal hijackcaptive portal hijackingcaptive portal redirectioncivil servicescommand and controlcompromise attemptcredential accesscredential stuffingcredential theftdata exfiltrationdetect-debug-environmentdigital signature abusedigital signaturesdigitally signeddiplomat targetingdistributed attacksdll side-loadingdll sideloadingespionage campaignexefilefile-hashftp brute forceg0129government technologyhosting infrastructurehosting iphosting ip iochttps traffichttps traffic interceptionin-memory executionindicatorknbgxngds rc4landing pagelanding page iocloopmalmalicious softwaremalwaremalware deliverymalware infectionman-in-the-middleman-in-the-middle attackmemory injectionmessage queuemessage queuesmonitor yaramsi packagemsi package iocmsi payload deliverymsiemustang pandamutex namemutex name iocname iocnetwork intrusionnetwork scanningnexus espionageoperating systempage httpspassword attackspedllperuplugxplugx malwareplugx variantprc-nexus aptprocess injectionpublic administrationpublic infrastructurepublic policyqueue windowsreconnaissanceregion: southeast asiaregulatory agenciesremote accessremote servicesresearchedrulessecurity operationssignedsigned malwaresocial engineeringsogu.secsouth americasoutheast asiaspearphishingssh attacksyn scant1012t1016t1021t1021.001t1027t1033t1036t1041t1048t1055t1055.001t1057t1059t1059.001t1059.003t1069.001t1071t1071.001t1076t1078t1078.001t1078.003t1082t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1113t1124t1132t1132.001t1133t1140t1189t1190t1195t1195.002t1199t1202t1204t1204.002t1218t1218.011t1486t1496t1497t1499.002t1499.003t1546t1553t1553.002t1556t1563t1565t1566t1566.001t1566.002t1574t1574.002t1583t1583.001t1588t1588.002t1595t1595.001t1595.002t1595.003threat actor: unc6384threat intelligencetyposquattingudp port scanunc6384valid certificate abuseweb hijackingweb traffic hijackingweb traffic redirectionwin32 malwarewindows malwarewindows messagewindows message queueswindows ntwindows systemwindows systems
Activity Timeline
Oct 29Oct 29
Threat Activity Heatmap
· Peak: 2025-10-29LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
6
Reports
First seenAug 27, 2025
Last seenOct 29, 2025
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- references
- https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats, https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 10 months ago · Last seen 8 months ago
Appeared in 6 threat reports