IOC Radar
SHA256 · High · Verified · Signal 100/100

dd61a8b804059891d5f25b39c1dcd5e880088e217ba30aa80ba2c9dbd35d060d

Location: Palestine, State of
First Seen: Feb 7, 2025 (491d ago)
Last Seen: Feb 12, 2026 (121d ago)
Reports: 5 source reports
Confidence: 99% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 59 techniques

Feed Intelligence Summary

5 source reports · 99% confidence score

Category tags:
abuse; account brute force; active scanning; attack; authentication; authentication attack; avemariarat; bitrat; black basta; botnet; brute force; brute force attack; cain; cobalt; cobalt strike; cobaltstrike; code execution; command and control; command execution; communication protocol; credential access; credential brute force; credential harvesting; credential stuffing; data encryption; data exfiltration; denial of service; distributed attacks; emotet; enumeration; enumeration activity; exe-pattern; exploitation; extortion; file-hash; ftp; ftp brute force; high; http brute force; http scanner; https; imap brute force; indicator; infostealer; iocs; known malicious; lateral movement; login attempt; login attempts; login brute force; malicious activity; malicious powershell activity; malicious software; malware; malware distribution; medium; mexico; network activity; network attacks; network enumeration; network intrusion; network probing; network protocol; network reconnaissance; network scanning; network security; network service scanning; north america; palestine, state of; password attack; password attacks; phishing attack; pop3 brute force; potential intrusion; process injection; protocol exploitation; ps1; qakbot; quasar; raas; ransomware; reconnaissance; reconnaissance activity; remote access; remote access attempts; remote services; researched; revisar correo; scripting attacks; smb brute force; smtp brute force; social engineering; software exploitation; source; ssh attack; suspected compromise; syn scan; system disruption; t1005; t1016; t1018; t1021; t1021.001; t1021.002; t1027; t1040; t1046; t1047; t1048; t1053; t1055; t1059; t1059.001; t1059.004; t1059.005; t1059.006; t1068; t1071; t1071.001; t1076; t1077; t1078; t1086; t1087; t1087.001; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1136; t1189; t1190; t1203; t1204.002; t1210; t1486; t1490; t1496; t1499.002; t1499.003; t1563; t1565; t1566.001; t1566.002; t1566.003; t1569.002; t1588; t1589; t1589.002; t1589.003; t1590; t1595; t1595.001; t1595.002; t1595.003; tcp protocol; tcp scan; tcp scanning; telnet threat; threat actor; trickbot; true filemd5; true filesha1; true filesha256; udp port scan; udp scan; unauthorized access; unauthorized access attempt; url-pattern; valid accounts; web traffic

Activity Timeline

1 total obs · Feb 12

Threat Activity Heatmap

Peak: 2026-02-12
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a critical and imminent threat to organizational security, characterized by its high score of 100 and non-whitelisted status, signaling severe malicious intent. Its presence strongly indicates an advanced stage of compromise, potentially involving ransomware deployment, extensive data exfiltration, and establishment of persistent unauthorized access. Failure to address this IOC promptly could lead to significant financial losses, reputational damage,…

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 5
First seen: Feb 7, 2025
Last seen: Feb 12, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description: ASCII text, with CRLF line terminators
references: https://labs.inquest.net/iocdb, CustomTiIndicators.20220726.191851.csv


IOC Journey

high
First detected 1 year ago · Last seen 4 months ago
Appeared in 5 threat reports