IOC Radar
SHA256 · High · Verified · Signal 93/100

fd65051c61a904a304919c04a8c8633c001183ac73ac461cd4d9057946f02bf5

First Seen: May 10, 2026 (34d ago)
Last Seen: Jun 2, 2026 (12d ago)
Reports: 5 source reports
Confidence: 93% (high)
VirusTotal: 32/75 detections
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash: SHA-256 file hash, primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 93%
Signal Score: 93 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

18 techniques

Feed Intelligence Summary

5 source reports · 93% confidence score
Category tags: arctic wolf, checks-usb-bus, chrome, chromestealer, ekz infostealer, endpoint exploitation, executable file, exploitation activity, file-hash, firefox, forticlient ems, generic, http, http post, indicator, infostealer, ipv62a03, ipv62a12, linux, msi, note, opencti_label forticlient, opencti_label forticlient ems, osint, powershell, remote access, researched, script, susp, t1003, t1012, t1027, t1041, t1055, t1055.012, t1057, t1059, t1059_001, t1070, t1070.004, t1083, t1090, t1140, t1190, t1497, t1497.003, t1555, t1555.003, vpn configuration abuse, windows, wolf

Activity Timeline

1 total obs
Jun 2 to Jun 2

Threat Activity Heatmap

Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 93
Confidence: 93%
Reports: 5
First seen: May 10, 2026
Last seen: Jun 2, 2026
Verified IOC

VirusTotal

32/75 vendors flagged
43% detection rate (Jun 5, 2026)

WHOIS

description
What do you need to know about security operations and how to get them in the best possible position to protect your business from cyber attacks and breaches? And what can you learn about this new platform?
references
https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch, https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch/

IOC Journey

high
First detected 1 month ago · Last seen 12 days ago
Appeared in 5 threat reports