IOC Radar
SHA256 · Medium · Signal 91/100

e7223046ea3e5ee2d9166f2090558479bd85880a8f5ccba6621320dd9c3e4871

Location
Monaco
First Seen
Mar 4, 2025
Last Seen
Apr 17, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

34 techniques

Feed Intelligence Summary

Category tags
active scan, active scanning, agf text, android, application layer protocol, arial, aslr, attack network, authentihash, basic, black edition, botnet, botnet activity, brak, brute force, brute force attacks, cache entry, calls process, chrome, chrome cache, code, command and control, command line, communication protocol, compromised system, computer markup, console, credential access, credential brute forcing, credential stuffing, crlf triid, cza typ, dana, data exfiltration, data store exposure, ddos, ddos preparation, denial of service, dicrt, distributed attacks, dostawa, elf, entry, executable file, exploitation activity, extra info, feature access, file-hash, files, files c, format, ftp brute force, full path, guest system, helvetica, helvetica neue, html, html internet, identity & access exploitation, ie 910, iii dbt, imphash, indicator, info processes, injection activity, intel, iot device targeting, iot security, isoiec, ixchatlauncher, jednostka, jeleniej grze, joomla, json, jzyk znacznikw, linux, linux systems, magia dokument, malicious software, malware, malware propagation, marker, mobile threat, monaco, ms windows, mutexes nothing, nation-state activity, network attacks, network probing, network protocol, network scanning, network security, next, open geospatial, parent pid, part, pe file, pe32 executable, pejzasz, plik, process injection, protocol exploitation, przejd, ransomware, read registry, reaqta, reconnaissance, registry keys, researched, safari, script, sd rejonowy, simple, sqlite, ssdeep, ssh attack, t1018, t1021, t1021.004, t1040, t1055, t1056, t1059, t1059.004, t1071, t1071.001, t1078, t1078.002, t1082, t1095, t1105, t1110, t1110.001, t1110.002, t1486, t1496, t1497, t1497.001, t1498, t1498.001, t1499.002, t1499.003, t1518, t1565, t1566, t1566.001, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, telfhash tnull, telnet threat, threat actor, tor node, typ pliku, ultimate file, unicode, urls, usb drive, utc8 network, vhash, whasz, win32 dll, win32 exe, windows, windows sandbox, z bardzo, zenbox verdict, zip backup, zip spynote

Activity Timeline

1 total obs
Apr 17

Threat Activity Heatmap

Peak: 2026-04-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This indicator of compromise (IOC) represents a significant and immediate threat to organizational security, warranting urgent investigation and mitigation. The high severity score of 91.31 and its presence across multiple reputable threat intelligence feeds strongly suggest active malicious activity. This specific SHA-256 hash is associated with sophisticated botnet malware families, including DarkNexus, Gafgyt, and DemonBot, which are commonly leveraged for large-scale distributed denial-of-se…

Threat Score: 91 (High Risk)

VirusTotal

Not checked

WHOIS

description
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
references

