IOC Radar
TLP:WHITE · 35 IOCs

RegPhantom Backdoor Threat Analysis

Nextron Systems
Published March 20, 2026 · Original Report

Malware Families

META Stealer
Diamond Model

Adversary: unknown
Infrastructure: unknown
Capability (1): META Stealer
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

35 file-hash indicators (32 SHA256, 3 MD5), each listed at Medium confidence with a score of 53 and first seen Jun 2, 26; tags are file-hash combined with intel-blog/malware, apt/espionage, or exploit.

IOC Relationship Graph

35 total IOCs linked to the report node "RegPhantom Backdoor Threat": 32 SHA256 hashes and 3 MD5 hashes, plus one malware-family node (META Stealer).