SHA256 · Medium · Signal 99/100
f3a1576837ed56bcf79ff486aadf36e78d624853e9409ec1823a6f46fd0143ea
First Seen: Mar 2, 2023
Last Seen: Apr 5, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
14 source reports · 99% confidence score
Category tags
abuse, account brute force, account enumeration, active scan, active scanning, actual crypto, application layer protocol, attack, authentication, authentication abuse, authentication attack, authentication attempts, avoslocker, babuk, bad reputation, black basta, blackcat, boom, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, c2, chacha20, cheerscrypt, cheese, cli, cli ransomware, command & control, command and control, command line interface, common protocol scanning, communication protocol, conti, cool, credential access, credential brute force, credential brute forcing, credential stuffing, crime, cryptocurrency, cryptocurrency threats, cryptojacking, darkside, data encryption, data enumeration, data exfiltration, data store exposure, database security, ddos, defray777, denial of service, detect-debug-environment, distributed attacks, elf, encryption, enumeration, enumeration activity, esxi, esxi encryptor, esxi ransomware, evasion techniques, executable file, exploitation, exploitation activity, exploitation attempt, extortion, failed login attempts, file, file-hash, finance, first linux, flirt, ftp, ftp brute force, hack, hellokitty, http brute force, http scanner, idapro, identity & access exploitation, imap, imap brute force, indicator, indonesia, initial access, injection activity, injection attacks, language target, lateral movement, linux, linux esxi, linux malware, linux ptrace, linux version, linux/esxi ransomware attack, lockbit, lockbit linux, lockbit2, lockbit3, lockbit3_fs, lockbit5, lockbitsupp, login attack, login attempt, login attempts, login brute force, luna, mal, malicious activity, malicious software, malware, masscan, network activity, network attacks, network enumeration, network intrusion, network intrusion attempt, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, news, nmap scan, operating system, password attack, password attacks, password spraying, payload, pop3 brute force, potential compromise, potential intrusion, process injection, project, protocol exploitation, ptrace, raas, raas model, ransom, ransomware, reconnaissance, reconnaissance activity, redalert, remote access, remote access attempts, remote services, reports, research, researched, resource hijacking, rest, revil, rust, sandbox, scanning activity, security operations, selling model, service, service discovery, service enumeration, service scan, smb brute force, smtp, smtp brute force, sodinokibi, ssh attack, support, suspected compromise, syn, syn scan, system disruption, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1027, t1036, t1040, t1046, t1047, t1048, t1053.005, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1065, t1068, t1069.001, t1071.001, t1076, t1077, t1078, t1078.001, t1078.003, t1083, t1087, t1106, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1136, t1190, t1486, t1490, t1496, t1499.002, t1499.003, t1543.002, t1562.001, t1563, t1565, t1589, t1589.002, t1589.003, t1590, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, tcp scanning, telnet threat, terminates vms, things, threat actor, threat intelligence, tor node, trend micro, ucod4dzlv, udp port scan, udp scan, unauthorized access, unauthorized access attempt, valid accounts, vm suspension, vmware, vmware esxi, vulnerability scan, web application scanning, web traffic, yara
Activity Timeline
(Threat activity heatmap; peak: 2026-04-05. Only the per-window counts below are recoverable from the chart.)
Window  Count  Status
24h     0      Dormant
7d      0      Dormant
30d     0      Dormant
3mo     1      Minimal
Threat Score: 99 (High Risk)
Signal score 99 · Confidence 99% · 14 reports · First seen Mar 2, 2023 · Last seen Apr 5, 2026
VirusTotal
Not checked
References
- https://threatfox.abuse.ch/export/csv/recent/
- https://labs.inquest.net/iocdb
- https://blogs.vmware.com/security/2022/10/esxi-targeting-ransomware-tactics-and-techniques-part-2.html?utm_source=rss&utm_medium=rss&utm_campaign=esxi-targeting-ransomware-tactics-and-techniques-part-2
- https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html
- https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html?utm_source=rss&utm_medium=rss&utm_campaign=esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1
- https://blog.trendmicro.co.jp/wp-content/uploads/2022/02/%E4%BE%B5%E5%85%A5%E3%81%AE%E7%97%95%E8%B7%A1%EF%BC%88Indicators-of-Compromises%E3%80%81IoCs%EF%BC%89-Analysis-and-Impact-of-LockBit-Ransomwares-First-Linux-and-VMware-ESXi-Variant.pdf
- https://blog.trendmicro.co.jp/archives/30271
- https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html
- https://www.malshare.com/daily/malshare.current.all.txt
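The page flags this hash as a file-level indicator with no IDS rule attached, so the practical check is a hash sweep: compute SHA-256 over the files on a host (or an exported datastore) and compare against the IOC, then hand the same hash on as a STIX 2.1 indicator pattern. The script below is an added example written for this page; it is not code from the feed, from abuse.ch, InQuest, VMware or Trend Micro. It assumes a local directory to scan and uses constructed benign sample files in a temporary directory for its demo; the only real datum it carries is the SHA-256 above.

```python
# Added example for this IOC page (not the feed's or any vendor's code):
# sweep a directory tree for files whose SHA-256 matches the indicator and
# build the STIX 2.1 pattern a sharing platform would expect for it.
import hashlib
import os
import tempfile
from pathlib import Path

# The SHA-256 indicator from this page.
IOC_SHA256 = "f3a1576837ed56bcf79ff486aadf36e78d624853e9409ec1823a6f46fd0143ea"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large disk images never load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs):
    """Return [(path, sha256)] for every regular file under root whose hash is in iocs.

    Symlinks are skipped so a planted link cannot pull the scan outside root;
    unreadable files are skipped rather than aborting the whole sweep.
    """
    wanted = {h.lower() for h in iocs}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue
            if digest in wanted:
                hits.append((str(p), digest))
    return hits


def stix_pattern(sha256):
    """STIX 2.1 indicator pattern for a SHA-256 file hash (standard pattern syntax)."""
    return f"[file:hashes.'SHA-256' = '{sha256.lower()}']"


def demo():
    """Run the sweep over constructed benign files (assumption: no real sample on disk).

    Returns hits against the page's real IOC (expected: none) and against a
    synthetic IOC derived from one of the constructed files (expected: one hit).
    """
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"constructed benign content, not a malware sample\n")
        other = Path(tmp) / "sub" / "data.bin"
        other.parent.mkdir()
        other.write_bytes(bytes(range(256)) * 4)
        synthetic_ioc = sha256_file(benign)  # stand-in for a published hash
        return {
            "real_ioc_hits": sweep(tmp, {IOC_SHA256}),
            "synthetic_hits": [h for _, h in sweep(tmp, {synthetic_ioc})],
            "synthetic_ioc": synthetic_ioc,
        }


if __name__ == "__main__":
    print(stix_pattern(IOC_SHA256))
    print(demo())
```

An exact-hash sweep only catches this one file: a re-packed or recompiled build of the same family has a different digest, which is why the page's YARA and ATT&CK tags, not the hash alone, should drive broader hunting.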
IOC Journey: medium confidence · first detected 3 years ago · last seen 2 months ago · appeared in 14 threat reports