IOC Radar
SHA256MediumSignal 98/100

e0cbe8f18315a2ee781de48565dc8a087a1564557c42c66067f65c267120c894

Location
PeruPeru
First Seen
Aug 19, 2025
Last Seen
Jun 6, 2026
Aug 19
First Seen
318d ago
Jun 6
Last Seen
27d ago
8
Reports
source reports
98%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

60 techniques

Feed Intelligence Summary

8 reports98% confidence
8
Source reports
98%
Confidence score
Category tags
abuseactive scanaerospace & defensealternate data streamalternate data streamsaptarchive utilityautomotive manufacturingbackdoorbad reputationbankingbotnetbotnet activitybrute forcec2 communicationcisa kevcommand & controlcommand and controlcommand injectioncommunication technologiescredential accesscredential harvestingcredential stuffingcredit card servicescustom malwarecyberespionage campaigndata accessdata copyingdata exfiltrationdata store exposuredata transferdatosdefensedefense contractingdefense logisticsdefense sector targetingdefense systemsdefense technologydeserializationdeserialization vulnerabilitydetect-debug-environmentdistributed attacksdistribution managementdll dropperdll injectionelectronics manufacturingeurope/asiaexploitexploit availableexploitationexploitation activityfile-hashfinancefinance sector targetingfinancial servicesfinancial technologyfreight forwardingglobal limitedhashesidentity & access exploitationin the wildindicatorindustrial automationindustrial iotindustrial productioninformation technologyingress tool transferinitial accessinjection activityinput validation bypassinventory managementiot securityit infrastructurejameswt_wtlateral movementlnk filelogistics sector targetinglogistics technologylong-sleepsmalicious softwaremalwaremalware deliverymanufacturing sector targetingmanufacturing technologymeltingclaw c2military operationsmobile carriersmobile networksmythicmythic agentmythic c2 agentnational securityntfs adsoperating systemoverlaypaper werewolfpatch managementpath traversalpayment processingpedllperuphishingphishing attackprocess injectionprocess manufacturingquality controlransomwarerceremote accessremote code executionremote servicesresearchedromcomromcom aptromcom grouprussiarussia-alignedrussian aptse caracterizashipping servicessnipbotsnipbot c2snipbot variantsocial engineeringsoftware developmentsouth americaspearphishingsupply chain attacksupply chain managementt1003.001t1005t1021t1021.001t1027t1030t1036.001t1041t1047t1055t1059t1059.001t1059.004t1068t1069.001t1071t1071.001t1078t1087t1105t1113t1114.001t1133t1185t1189t1190t1202t1203t1204t1204.002t1210t1480t1486t1496t1497t1499.002t1499.003t1518t1546.015t1547t1547.001t1552.001t1555.003t1560t1565t1566t1566.001t1566.002t1566.003t1569t1573.002t1574t1583t1587.001t1587.004t1588t1588.002t1588.005t1588.006t1608targeted attack campaigntelecom servicestelecommunicationsthreat actortor nodetransportation managementtrojan malwarevulnerabilityvulnerability scanwarehouse operationswealth managementweb application attackweb application exploitationwin32 malwarewindowswindows malwarewinrarzero-day exploitzero-day vulnerability exploitation

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
98
SIGNAL
Signal Score
98%
Confidence
8
Reports
First seenAug 19, 2025
Last seenJun 6, 2026

VirusTotal

Not checked

WHOIS

references
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability, https://socradar.io/cve-2025-8088-winrar-zero-day-exploited-targeted/, https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/, https://www.virustotal.com/graph/embed/ge238fa6bcd1645d1ab11e2d64ffa2a167587c9b8786b4f7d84857091b65f425e?theme=light, https://www.virustotal.com/gui/collection/8b60f30565ddb7af796a862047c3af75cc807a747cef528646185df44b326ff6

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 10 months ago · Last seen 27 days ago
Appeared in 8 threat reports