IOC Radar
SHA256 · High · Verified · Signal 100/100

f158e3658dfda6b2d721e16f1ac279637317d57dae359e8cdb645be7cbe9ac09

Location: Hungary
First Seen: May 24, 2024 (753d ago)
Last Seen: Apr 17, 2026 (60d ago)
Reports: 5 source reports
Confidence: 99% (high)
Found in 5 reports. Confidence: high. Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash: primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 58 techniques

Feed Intelligence Summary

Source reports: 5
Confidence score: 99%
Category tags
.plaaaaaaaa nxdomainabuseacceptaccessaccess ta0001access ta0006account securityaccount stealeracintactive scanactivity miraiaddpoaddportmappingaddressaddress domainaddress virtualadware malwareafricaag albertoag ingoagentagent teslaair forcealertsalexa topall quietall scoreblueall searchamerica asnanalysis dateanalytics naanalyzer pasteanalyzer threatandarielandroidanomalous fileapacheappleartemisas35994 akamaiasiaasnoneasnone dnsasnone germanyasnone relatedasnone unitedate hashattackaustraliaaustriaav detectionsavg clamavbackdoorbad reputationbehavbelgiumbinsh binshbiosbitsbodybotnet activitybrazilbrian sabeybrute forcecapecatalog treecharter communicationscheckinchilechina as37963china unknownchromecisco umbrellacitycivil servicescivilian societycleanerclickable urlscloud infrastructurecnamecnapple publiccnc beaconcodecode executioncode injectioncoinminercommandcommand & controlcommand and controlcommand executioncommunication protocolcommunication technologiesconduitcontentcontent typecontrol ta0011cookiecopycorecountrycp buscreation datecredential harvestingcredential stuffingcry killcrypcryptocurrencycur conocyber defensecyber folkscyber warfareczechia unknowndarkgatedata accessdata copyingdata exfiltrationdata redacteddata store exposuredata transferddosddos attacksdeep malwaredefault pagedefense evasiondeletedelete cdelete shadowsdelphidemonbotdenverdenver coloradodetected m1detections filedetections typedevsda1 devsda2digital signaturediscovery e1082distribution managementdiv divdllsdns attackdockdomaindownldrdownloaderdridexdropperdumping t1003dynamicloadere procselffd9e1203 datae1564 hiddenecho requestechobotechobot malwareee edcje4jekyxeelectronic health recordselfelf executableelf infoelf64 dataemailsemails infoemotetencryptencryptionenglishenterprise securityentriesenumerateseofaeerroret exploitet trojanetagetpro malwareeuropeeurope/asiaeva120evasion ob0006execexecutable fileexpiration dateexpires thuexploitexploit noneexploitationexploitation 
activityexternal-resourcesfakedout threatfederation asnfile-hashfilesfiles deletedfiles domainfiles ipfiles locationfiles matchingfiles referringfin ivdofirstflag unitedflagsfor privacyformatfoundfreight forwardingfri marfromgafgytgenericgeneric malwaregermanyget helloget httpgiftsgoogle safegoogle taggootloadergovernment technologygraphgraph summarygrumguardh devsda2hasheshashes capeheader classheader intelheader versionhealth care and social assistancehealth information technologyhealthcare information systemshellohelloworldheurhichinahidden privacyhide artifactshighhighly targetedhistorical sslhitmenholidaycheck aghome networkhondurashong konghospital managementhosthostinghostnamehostname enumerationhttphttp attackhttp headershttp hosthttp requesthttp requestshttp scannerhuawei hg532huawei remotehungaryicmp trafficidentity & access exploitationids detectionsiframeiframesimmobilien agimpact ob0008impact ta0040inboundindicatorindonesiainfo compilerinfo sectionsinformation gatheringinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinjectorinsight taginstallintelinternet of thingsinventory managementiobitiocsiosiot botnetiot securityiot/ics attackipv4irelandireland unknownissuing cait infrastructurejapanjaws webserverjody alaskajody huffinesjsonjustkarenkenyakey algorithmkey identifierkey infokraupakurt waltherlabs pulseslazaruslibmultipathlicesslink librarylinuxlnmplnmp aloccel1logiclogistics technologylooklookupsloudoun countym1magic elfmagic msdosmagic pdfmail spammermainmalicious activitymalicious downloadmalicious linksmalicious powershell activitymalicious sitemalicious softwaremalwaremalware distributionmalware genericmalware signingmalware trafficmalware wormmalwarebazaarmcicsmedia centermedical servicesmediummemory patternmetametadata analysismethod statusmexicomicrosoft rootmicrosoft stuffmillionminiigd upnpmiraimirai botnetmirai variantmitmmitre attmobilemobile carriersmobile networksmobile 
securitymobile threatmodify systemmodule loadmodulesmoroccomovedms visualms windowsmsdefender aprmsiemsilmvpower dvrnamename md5name microsoftname serversname virtualnation-state activitynciipcnetherlandsnetsupport ratnetworknetwork communicationnetwork scanningnextnidsno datanobitsnondnsnorth americanumberob0005 defenseoceaniaodigicert incoffset sizeopenoperating systemoperating system securityorgdnshandleorgdnsreforsamos credentialotxotx scoreblueoutbound trafficoverview ipp m0755packing t1045pandapassive dnspassword bypasspatch managementpatient carepattern domainspayload hellopdb pathpdf documentpdf executionpe resourcepe32 executablepedrazpegasus relatedperforms dnsperuphishingphishing attackphishing sitephy samopleasepleskplesk apolandpoland unknownponypornportpostpostal codepostspowershellprocess injectionprocess t1543process32nextwprocesses treeproducts idproject piprotocol t1071protocol t1095public administrationpublic infrastructurepublic policypulse pulsespulse submitpulsespuma sepushquantum fiberqueryr englishramnitransomransomwareransomwormrceread crealtek sdkreconreconnaissancerecord typerecord valuerecycle binred teamredacted forredline stealerregistrant nameregistry keysregszregulatory agenciesrelatedrelated nidsrelated pulsesremote accessremote servicesrequestresearchedresolverrorreverse dnsrostpayroundrpcsrsa tlsruntime modulesrussiasabeysafe sitesamplessandboxscams & fraudscan endpointsscript domainsscript urlsscripting attackssearchserce internetuserverserver caserver errorserversserviceservice scanservice-scanshellshell commandsshell uceshipping servicesshitshowshowingsingaporesinkhole cookiesitesize entropysize rawskynetslcc2slovakiasmbds ipcsmugglers gambitsneaky serversoa nxdomainsoap commandsocial engineeringsocial media securitysoftware developmentsoftware exploitationsoftware integritysoftware vulnerabilitiessouth americasp6 buildspainspamspammerssdeepssl certificatestatusstealerstreamstrtabsubject keysubject publicsummarysupply chain 
attacksupply chain managementsuspsweepswippswipp9-arinswipperswitch dnsswrortsystemd servicesysvt1003t1005t1012t1021t1021.001t1023t1027t1030t1036t1040t1041t1045t1047t1055t1057t1059t1059.001t1059.007t1060t1064t1064 executest1069.001t1071t1071.001t1078t1082t1086t1089t1105t1106t1112t1119t1129t1133t1140t1143t1189t1189 foundt1190t1203t1204t1204.001t1204.002t1210t1485t1486t1496t1499.002t1554.001t1554.003t1564t1565t1566t1566.001t1566.002t1566.003t1573t1587.001t1589.001t1590.001ta0002 commandta0004 createtag counttaiwantaobao networktelecom servicestelecommunicationstexttext/htmlthailandthreat actorthreat networkthreat roundupthreatstiggretimo salzsiedertitletofseetoolstor nodetotaltptjswtransportation managementtrid adobetrid dostrid elftrojantrojan featurestrojan malwaretrojandroppertrojanspytsara brashearsttl valuetulachtypetype addresstype gettype rtrcdataunitedunited kingdomunited statesunixupdated dateupdaterurlsurls httpurls httpsus bundledusersutc gcfezl5ynvbutc googleutc linkedinv objectv3 serialvalid fromvalue snkzvaultverisign timeverizonvhashvietnamvietnam unknownvirtoolvirusvulnerability scanwacatacwannacrywannacry killwarehouse operationsweb exploitationweb securityweb trafficwhoiswhois lookupswin16 newin32 dynamicwin32 exewin32 malwarewin32sfone julwindowswindows malwarewindows modulewindows ntwirelessdatanetworkworldwormwritewrite cwsasendx cachex509v3 keyxe exportyara detectionsyara ruleyomi hunterzenboxzombie

Activity Timeline

1 total observation (Apr 17)

Threat Activity Heatmap

Peak: 2026-04-17 (weekly calendar grid, Jun through the following Jun, not reproduced here)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 5
First seen: May 24, 2024
Last seen: Apr 17, 2026
Verified IOC

VirusTotal: Not checked

IOC Journey

high
First detected 2 years ago · Last seen 2 months ago
Appeared in 5 threat reports