TLP:WHITE39 IOCs

Forbidden Hyena adopts BlackReaperRAT in AI-powered campaigns

BI.ZONE

Published March 16, 2026Original Report

Malware Families

Diamond Model

Adversary

Infrastructure(6)

Capability(1)

Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise39

Type	Indicator	Confidence	Score	First Seen
SHA256	dd965684ec191206014e72b302492a5c6ccb285ff4afe4f39cf760f6dccfc129 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	http://193.233.48.98:443/systemd-svchelper" intel-blogmalwarenetwork	High	58	Jun 2, 26
IP	193.233.48.98 intel-blogmalwarenetwork	High	58	Jun 2, 26
URL	http://193.233.48.98:443/systemd-cron intel-blogmalwarenetwork	High	58	Jun 2, 26
SHA256	1b5a73cafa33d82e994e8928279a3b97b0c424422bf678284ee9877c00de2c48 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	c3dc5c64193f849ca5048d0e81ee1778ffc086087a20de1e09aef68a8bd560b2 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	71eba7b77838fffb0754852a9335555468dd161f87eb5ce048bceeb4d66ba64f file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	1eb19f45b8b228785d6f9e3736de902b07422b1911790e36a3a1a7dd35ae0b06 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	http://193.233.48.98:443/systemd-svchelper intel-blogmalwarenetwork	High	58	Jun 2, 26
Domain	dada-tuda.ru intel-blogmalwarenetwork	High	58	Jun 2, 26
URL	https://t.me/+QFbPfHfSq3E0N2M6?nocache=835746437665545623585263366555762378626338856578457473253887777245347425528 aptespionageintel-blog	High	58	Jun 2, 26
IP	2.59.163.169 intel-blogmalwarenetwork	High	58	Jun 2, 26
SHA256	3fed834849907bdb3ae5fbd6c7a17e67256edf1d2fde2f1473d8dc4dfccfe6e6 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	4fbd2f5b4625fa46b5706748dbb15d3f58fbeda723fc644d0db9174a78cbade1 file-hashintel-blogmalware	High	86	Jun 2, 26
SHA256	19eb63db7fa79fae746e1f2b4d3bc5c4fbd0e7a7a9e372e7345cddd6cb0020c1 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	https://t.me/+QFbPfHfSq3E0N2M6 intel-blogmalwarenetwork	High	58	Jun 2, 26
SHA256	4ccd9e987f918500ddfc538d96b78ab4e6383b838e3e508311fd6ae815bd156f file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	8f2d99c8f48c1e73c69666218fa7b791ed5ff7900ee66cf1ea24a711529971ef file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	b94fab0b5c5854055c28b8ab3ce2d579ec9f66140251be8209729464fa717556 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	61a6878a3a864df7664b2729e9ae3b5448dcd1c087cbb36b6a7827d83061c127 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	https://t.me/+QFbPfHfSq3E0N2M6?nocache=0-9 intel-blogmalwarenetwork	High	58	Jun 2, 26
SHA256	c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	74056c6fe7d5670c41e56c2d00f27880cf47784caffde890ec3f79c0276c99b8 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	1e20360e439594eeb38782b6dbf8de1de214a0b0f657d6c83c6c7a150498d6f4 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	https://confluence.dada-tuda.ru/.w/wrgdfregrtgawreg.vbs intel-blogmalwarenetwork	High	58	Jun 2, 26
URL	https://big-tree.ru/.ss/s.php?k=redacted intel-blogmalwarenetwork	High	58	Jun 2, 26
SHA256	01e0960c04097f73dbaaa45025370763ed26f488538c7195203dd3584d145891 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	5df07f2b3ddae4b24d05926167a4a5968e2748efe744e4600f968be9abd293a2 file-hashintel-blogmalware	High	86	Jun 2, 26
SHA256	507e8666c239397561c58609f7ea569c9c49ddbb900cd260e7e42b02d03cfd87 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	f3064e852a2dd178aeb950c914f42689bf075ccaddf881938c4f7ff6b418d0f4 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	3e9d22280a28ec73b6e84550febb8425d9c660f9777e2e4d3b5baaedea263cbe file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	40fc5e5c4bc7ac0880dcf1635acd01c09dba0411ef7ac4f4cc0e309412aae348 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	7eb58ca2d1bcc354a1a722fb8025d88289e4ec3ecbf0d7d612b7b2d1ee2e26a3 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	dd0983d7b298743ab90fd6b9eff7c24cffa33c2678d82e971a69eeb3fda0ca98 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	50479953865b30775056441b10fdcb984126ba4f98af4f64756902a807b453e7 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	9129f200ec9a89896005ee67457f57ff250f8ebef7ca1ccc75a1b8df42fe9b19 file-hashintel-blogmalware	Medium	53	Jun 2, 26
SHA256	19fd3337b21a78c86880a4eb47657a1cccd08f81e8196b19e508e8820d7ec741 file-hashintel-blogmalware	Medium	53	Jun 2, 26
URL	https://big-tree.ru/.ss/s.php intel-blogmalwarenetwork	High	58	Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph39 total IOCs

SHA256URLIPDomain

scroll to zoom · drag to pan · click IOC to open