IOC Radar
TLP:WHITE | 9 IOCs

Threat Actor Uses Steganographic Webshell and Defence Impairment Before Mimikatz Execution

Cyber Press
Published July 2, 2026 | Original Report

Malware Families

Diamond Model

Adversary: unknown
Infrastructure: unknown
Capability (1): Mimikatz
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise


| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| CVE | CVE-2023-26360 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| SHA256 | f63d293e117cae1d0a6c24359fc1361a9dc48178049cc6491051b09268c8c39c | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| MD5 | 3eb6f92aedf74f109c7b4b0897ec39a8 | apt, espionage, exploit | High | 60 | Jun 11, 26 |
| SHA256 | 40859ede262098086962ab00c89f02452aa9941c88c7f4ac002db166179980c6 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |
| CVE | CVE-2023-29300 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| CVE | CVE-2023-29298 | exploit, intel-blog, malware | Medium | 51 | Jul 2, 26 |
| MD5 | d649ca90ff8f49c5b7c9cfa8cf5ded23 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| MD5 | fe31476fe9d84070912ad058d3b574e1 | apt, espionage, exploit | Medium | 53 | Jul 2, 26 |
| SHA256 | bd74a00f4d2ec3bf50d13ddf324bb368b2464d547abd0c572ef5e2f77943a920 | file-hash, intel-blog, malware | Medium | 53 | Jul 2, 26 |

IOC Relationship Graph

[Graph: 9 total IOCs (CVE: 3, SHA256: 3, MD5: 3) and 1 malware family (Mimikatz), linked to this report.]