SHA256 · High · Verified · Signal 71/100
f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
First Seen
Jun 21, 2024
Last Seen
Jun 5, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Verified IOC
VirusTotal
Not checked
WHOIS
- description
  - PE32+ executable (console) x86-64, for MS Windows
- references
  - https://gbhackers.com/lockbit-operators-use-stealthy-dll-sideloading/
  - Aug1.pdf
  - https://www.security.com/threat-intelligence/lockbit-ransomware-attack-techniques
  - https://asec.ahnlab.com/en/52538/
  - https://explore.group-ib.com/opera1er-eng/report-opera1er-eng