00b72b08d8574f2e2cb12f482a15b980dd2cd9f15d6201e10a39d0a7d57af27d
The presence of the SHA256 hash 00b72b08d8574f2e2cb12f482a15b980dd2cd9f15d6201e10a39d0a7d57af27d is a significant indicator of a potential REvil ransomware infection. REvil, also known as Sodinokibi, is a highly prolific and dangerous ransomware-as-a-service (RaaS) group known for targeting large enterprises and demanding multi-million-dollar ransoms. This IOC, sourced from AlienVault OTX Feeds, indicates a high likelihood of malicious activity within the environment, potentially leading to data encryption, system disruption, and significant financial losses. Its association with the 'win.revil - 02.23.25' pulse on AlienVault OTX further strengthens its connection to active REvil campaigns. Immediate action is required to investigate and contain any systems potentially infected with this ransomware variant.