IOC Radar
SHA1 · Medium · Signal 100/100

d6ef23e8917e3374d1a1f75e6f8a689c26acfbda

Location: Peru
First Seen: Feb 26, 2025 (473d ago)
Last Seen: Jan 22, 2026 (142d ago)
Reports: 4 source reports
Confidence: 99% (medium)
VirusTotal: 68/76 detections
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash: SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 21 techniques

Feed Intelligence Summary

Source reports: 4
Confidence score: 99%
Category tags: antivirus scan results, armadillo, botnet, command and control, compromised system, compromised systems, data exfiltration, decoy system, detected malware, dionaea honeypot, distributed attacks, exploit, exploitation, file-hash, hash, indicator, ioc, iocs, malicious activity, malicious software, malware, malware behaviour, malware capture, malware confirmation, malware hash, malware hashes, malware indicators, operating system, overlay, pe, dll, peru, potential compromise, process injection, remote access, remote services, researched, south america, t-pot, t1003, t1021, t1021.001, t1053, t1055, t1059, t1069.001, t1071, t1071.001, t1078, t1105, t1189, t1190, t1204, t1486, t1496, t1499.002, t1499.003, t1562, t1565, t1566, threat actor, threat intelligence, tpot, virus scanning, virustotal analysis, win32 malware, windows malware

Activity Timeline

1 total observation (Jan 22)

Threat Activity Heatmap (Jun to Jun, weekly grid; peak: 2026-01-22)

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

This report details a critical Indicator of Compromise (IOC) identified as a SHA-1 hash, `d6ef23e8917e3374d1a1f75e6f8a689c26acfbda`, with an exceptionally high threat score of 100.0 and no whitelist status, signifying a severe and imminent threat. The presence of this hash in an organizational environment strongly suggests an active compromise, likely involving sophisticated malware capable of significant system disruption and data exfiltration. Its association with `CVE-2017-0147` further indic…

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 4
First seen: Feb 26, 2025
Last seen: Jan 22, 2026

VirusTotal

68/76 vendors flagged (89% detection rate, as of Jun 3, 2026)

WHOIS

Description: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
References:
https://github.com/telekom-security/tpotce
https://twitter.com/HeliosCert/status/1504612305069355013
https://twitter.com/HeliosCert/status/1504614823782457346
https://twitter.com/HeliosCert/status/1504616081155051520
https://twitter.com/HeliosCert/status/1504627404500873217
https://twitter.com/HeliosCert/status/1504632443369926657
https://twitter.com/HeliosCert/status/1504634957121171456
https://twitter.com/HeliosCert/status/1504637468641013761
https://twitter.com/HeliosCert/status/1504641247226605573
https://twitter.com/HeliosCert/status/1504677735817433113
https://twitter.com/HeliosCert/status/1504731840703258625
https://twitter.com/HeliosCert/status/1504943234858037258

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 4 threat reports