IOC Radar
SHA256 · Medium · Signal 40/100

ffdbb35111ddaf33ae8cd95604e5ab41b07dd19156d4d2b2e191be61150d5943

Location
Ukraine
First Seen
Apr 16, 2026
Last Seen
Apr 23, 2026
2
Reports
source reports
40%
Confidence
medium
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

20 techniques

Feed Intelligence Summary

2 reports · 40% confidence
Category tags
accept, acrongl integ, back, bazaar, cache entry, calls process, chrome cache, closeentry, europe, file-hash, first, gif image, indicator, infolcid, mitre att, mwdb, next, ntopenfile filepath, phishing, png image, researched, riff, service, ssdeep, stream, stringformat, stringformatdot, t1003, t1012, t1014, t1036, t1046, t1055, t1056, t1071, t1082, t1083, t1095, t1140, t1203, t1221, t1485, t1496, t1542, t1564, t1566, t1573, threat actor, toggle, tor node, ukraine, united, unix, vp8 encoding, webp image, windows sandbox, x85bxa1p, yuv color

Activity Timeline

1 total obs
Apr 23

Threat Activity Heatmap

Peak: 2026-04-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

VirusTotal

Not checked

WHOIS

description
Here is the full text of Yomi's Verdict, which was sent to the BBC by the MITRE team and is now available to view via the web browser, via iPlayer, £1.
references

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 2 threat reports