IOC Radar
SHA256HighVerifiedSignal 48/100

d1626c35ff69e7e5bde5eea9f9a242713421e59197f4b6d77b914ed46976b933

Location
PeruPeru
First Seen
Aug 27, 2025
Last Seen
Oct 29, 2025
Aug 27
First Seen
318d ago
Oct 29
Last Seen
255d ago
6
Reports
source reports
48%
Confidence
high
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

71 techniques

Feed Intelligence Summary

6 reports48% confidence
6
Source reports
48%
Confidence score
Category tags
active scanningadversary-in-the-middleaitm attackaptauthentication attacksbackdoorbackdoor implantblockbotnetbrute forcebrute force attackc2 communicationc2 ipc2 ip ioccaptive portalcaptive portal hijackcaptive portal hijackingcaptive portal redirectioncivil servicescommand and controlcompromise attemptcredential accesscredential stuffingcredential theftdata exfiltrationdetect-debug-environmentdigital signature abusedigital signaturesdigitally signeddiplomat targetingdistributed attacksdll side-loadingdll sideloadingespionage campaignexefilefile-hashftp brute forceg0129government technologyhosting infrastructurehosting iphosting ip iochttps traffichttps traffic interceptionin-memory executionindicatorknbgxngds rc4landing pagelanding page iocloopmalmalicious softwaremalwaremalware deliverymalware infectionman-in-the-middleman-in-the-middle attackmemory injectionmessage queuemessage queuesmonitor yaramsi packagemsi package iocmsi payload deliverymsiemustang pandamutex namemutex name iocname iocnetwork intrusionnetwork scanningnexus espionageoperating systempage httpspassword attackspedllperuplugxplugx malwareplugx variantprc-nexus aptprocess injectionpublic administrationpublic infrastructurepublic policyqueue windowsreconnaissanceregion: southeast asiaregulatory agenciesremote accessremote servicesresearchedrulessecurity operationssignedsigned malwaresocial engineeringsogu.secsouth americasoutheast asiaspearphishingssh attacksyn scant1012t1016t1021t1021.001t1027t1033t1036t1041t1048t1055t1055.001t1057t1059t1059.001t1059.003t1069.001t1071t1071.001t1076t1078t1078.001t1078.003t1082t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1113t1124t1132t1132.001t1133t1140t1189t1190t1195t1195.002t1199t1202t1204t1204.002t1218t1218.011t1486t1496t1497t1499.002t1499.003t1546t1553t1553.002t1556t1563t1565t1566t1566.001t1566.002t1574t1574.002t1583t1583.001t1588t1588.002t1595t1595.001t1595.002t1595.003threat actor: unc6384threat intelligencetyposquattingudp port scanunc6384valid certificate abuseweb hijackingweb traffic hijackingweb traffic redirectionwin32 malwarewindows malwarewindows messagewindows message queueswindows ntwindows systemwindows systems

Activity Timeline

1 total obs
Oct 29Oct 29

Threat Activity Heatmap

· Peak: 2025-10-29
Less
More
Mon
Wed
Fri
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
6
Reports
First seenAug 27, 2025
Last seenOct 29, 2025
Verified IOC

VirusTotal

Not checked

WHOIS

description
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
references
https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats, https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 10 months ago · Last seen 8 months ago
Appeared in 6 threat reports