SHA1MediumSignal 56/100
4f65118960bd8bcc744d62e6f464f8bc82c85a9e
Location
First Seen
Mar 5, 2023
Last Seen
Jun 25, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
7 reports56% confidence
7
Source reports
56%
Confidence score
Category tags
abrahamabuseacademic institutionsactive directoryactive scanactive scanningadvanced portakiraakira iocsakira ransomware attackanapaanydeskasnsautomotive manufacturingbackdoorbackup destructionbad reputationbankingbazarbazarbackdoorbeaconbitcoinblockchainbotnet activitybrute forcecalls-wmicharmpower lurechecks-bioschecks-memory-availablechecks-network-adapterschecks-user-inputchiselchrome browsercisacisa kevcisco asaclearclear farusbigclear httpscmd365 samplecobalt strikecobaltstrikecode executioncommandcommand & controlcommand and controlcommand executioncommodity contracts intermediationconsumer goodscontactconticorecredential accesscredential stuffingcredential theftcredit card servicescrypto exchangecrypto miningcrypto walletcryptocurrencydata encryptiondata exfiltrationdata store exposuredecentralized financedesktopdetect-debug-environmentdev1084 batchdiavoldigital currencydirect-cpu-clock-accessdouble extortiondownload rportdrokbkdrokbk c2educational resourceseducational serviceseducational technologyelectronic health recordselectronics manufacturingemotetencryptionesxieuropeexploitexploit avaliableexploitationexploitation activityextortionfilefile-hashfinancefinancial servicesfinancial technologygmergoogle firebasegroup policyhasheshealth care and social assistancehealth information technologyhealthcare information systemshigher educationhospital managementhostname enumerationhotspothypervidentity & access exploitationimpactin the wildindicatorindustrial automationindustrial iotindustrial productioninformation gatheringinformation technologyingress tool transferinjection activityinstalliocsiot securityit departmentit infrastructurek-12 educationkalikirpichknown hostnameslateral movementlazagnelilocclockbitlockbit ransomwarelong-sleepsmalicious downloadmalicious powershell activitymalwaremalware distributionmanufacturing technologymedical servicesmegamfa bypassmitre attmniamimobile threatna clearnation-state activitynetscannetwork scanningnirsoftnlbrutenokoyawaoperating systemoverlaypasspatient carepayloadpayment processingpeexeperuphishingpingcastleplay ransomwareprivilege escalationprocess hackerprocess injectionprocess manufacturingpsexecqakbot c2squakbotquality controlransom noteransomwarereconnaissanceremote accessremote desktopremote servicesresearchedretail tradermm-toolroyalroyal ransomwareroyal threatrport domainrport legitrspichruntime-modulesryukscannerscript backdoorscripting attacksserver usesignedsoftware developmentsoftware exploitationsophossourcesouth americassl vpnstopransomwaresupply chain attacksupply chain managementsurveysystem disruptiont1003t1005t1016t1018t1021t1021.001t1021.004t1027t1048t1053t1055t1056t1059t1059.001t1068t1069.001t1070t1071t1071.001t1078t1082t1083t1086t1090t1105t1110t1113t1133t1136t1187t1190t1199t1203t1204t1204.002t1210t1213t1218t1485t1486t1490t1491t1497t1539t1547t1552.001t1555t1560t1561t1562t1562.001t1566t1567t1569.002t1588t1589.001t1595.001t1595.002t1595.003ta machinethreat actortoolstortor nodetrickbotttpsukraineunc1878united kingdomveeamvia-torvpnvpn exploitationvpn kalivulnerabilityvulnerability scanwealth managementwin32 malwarewindowswindows malwarewinrarwinscpwizard spiderzensec
Activity Timeline
Jun 25Jun 25
Threat Activity Heatmap
· Peak: 2026-06-25LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
7
Reports
First seenMar 5, 2023
Last seenJun 25, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (GUI) Intel 80386, for MS Windows
- references
- https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a, https://labs.inquest.net/iocdb, Threat Insights: Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets, https://www.cisa.gov/sites/default/files/2023-03/aa23-061a-stopransomware-royal-ransomware.pdf, IOCs for Bazar, Conti, Diavol, Ryuk, TrickBot, WizardSpider 05042022.csv, https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/, https://bazaar.abuse.ch/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 4 days ago
Appeared in 7 threat reports