SHA256 · Medium · Signal 51/100
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
Location
First Seen
Aug 3, 2025
Last Seen
May 9, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 reports · 51% confidence
3
Source reports
51%
Confidence score
Category tags
Activity Timeline
May 9
Threat Activity Heatmap
Peak: 2026-05-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
Medium Risk
51
SIGNAL
Signal Score
51%
Confidence
3
Reports
First seen
Aug 3, 2025
Last seen
May 9, 2026
VirusTotal
Not checked
WHOIS
- description
- A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #
IOC Journey
medium · First detected 10 months ago · Last seen 1 month ago
Appeared in 3 threat reports