SHA256MediumSignal 98/100
e0cbe8f18315a2ee781de48565dc8a087a1564557c42c66067f65c267120c894
Location
First Seen
Aug 19, 2025
Last Seen
Jun 6, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports98% confidence
8
Source reports
98%
Confidence score
Category tags
abuseactive scanaerospace & defensealternate data streamalternate data streamsaptarchive utilityautomotive manufacturingbackdoorbad reputationbankingbotnetbotnet activitybrute forcec2 communicationcisa kevcommand & controlcommand and controlcommand injectioncommunication technologiescredential accesscredential harvestingcredential stuffingcredit card servicescustom malwarecyberespionage campaigndata accessdata copyingdata exfiltrationdata store exposuredata transferdatosdefensedefense contractingdefense logisticsdefense sector targetingdefense systemsdefense technologydeserializationdeserialization vulnerabilitydetect-debug-environmentdistributed attacksdistribution managementdll dropperdll injectionelectronics manufacturingeurope/asiaexploitexploit availableexploitationexploitation activityfile-hashfinancefinance sector targetingfinancial servicesfinancial technologyfreight forwardingglobal limitedhashesidentity & access exploitationin the wildindicatorindustrial automationindustrial iotindustrial productioninformation technologyingress tool transferinitial accessinjection activityinput validation bypassinventory managementiot securityit infrastructurejameswt_wtlateral movementlnk filelogistics sector targetinglogistics technologylong-sleepsmalicious softwaremalwaremalware deliverymanufacturing sector targetingmanufacturing technologymeltingclaw c2military operationsmobile carriersmobile networksmythicmythic agentmythic c2 agentnational securityntfs adsoperating systemoverlaypaper werewolfpatch managementpath traversalpayment processingpedllperuphishingphishing attackprocess injectionprocess manufacturingquality controlransomwarerceremote accessremote code executionremote servicesresearchedromcomromcom aptromcom grouprussiarussia-alignedrussian aptse caracterizashipping servicessnipbotsnipbot c2snipbot variantsocial engineeringsoftware developmentsouth americaspearphishingsupply chain attacksupply chain managementt1003.001t1005t1021t1021.001t1027t1030t1036.001t1041t1047t1055t1059t1059.001t1059.004t1068t1069.001t1071t1071.001t1078t1087t1105t1113t1114.001t1133t1185t1189t1190t1202t1203t1204t1204.002t1210t1480t1486t1496t1497t1499.002t1499.003t1518t1546.015t1547t1547.001t1552.001t1555.003t1560t1565t1566t1566.001t1566.002t1566.003t1569t1573.002t1574t1583t1587.001t1587.004t1588t1588.002t1588.005t1588.006t1608targeted attack campaigntelecom servicestelecommunicationsthreat actortor nodetransportation managementtrojan malwarevulnerabilityvulnerability scanwarehouse operationswealth managementweb application attackweb application exploitationwin32 malwarewindowswindows malwarewinrarzero-day exploitzero-day vulnerability exploitation
Activity Timeline
Jun 6Jun 6
Threat Activity Heatmap
· Peak: 2026-06-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
98
SIGNAL
Signal Score
98%
Confidence
8
Reports
First seenAug 19, 2025
Last seenJun 6, 2026
VirusTotal
Not checked
WHOIS
- references
- https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability, https://socradar.io/cve-2025-8088-winrar-zero-day-exploited-targeted/, https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/, https://www.virustotal.com/graph/embed/ge238fa6bcd1645d1ab11e2d64ffa2a167587c9b8786b4f7d84857091b65f425e?theme=light, https://www.virustotal.com/gui/collection/8b60f30565ddb7af796a862047c3af75cc807a747cef528646185df44b326ff6
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 10 months ago · Last seen 27 days ago
Appeared in 8 threat reports