IOC Radar
SHA256 · Medium · Signal 100/100

df6cb5199c272c491b3a7ac44df6c4c279d23f7c09daed758c831b26732a4851

Location: Peru
First Seen: Mar 12, 2025 (460d ago)
Last Seen: Apr 16, 2026 (60d ago)
Reports: 9 source reports
Confidence: 99% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 91 techniques

Feed Intelligence Summary

Source reports: 9
Confidence score: 99%

Category tags

Activity Timeline

1 total observation (Apr 16)

Threat Activity Heatmap

Peak: 2026-04-16 (weekly activity grid, Jun through Jun, not reproduced)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 9
First seen: Mar 12, 2025
Last seen: Apr 16, 2026

VirusTotal: Not checked

WHOIS

Description: SHA256 of 54547180a99474b0dba289d92c4a8f3eea78b531


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports