IOC Radar
SHA256MediumSignal 99/100

d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7

Location
IndiaIndia
First Seen
Mar 22, 2025
Last Seen
Jun 17, 2026
Mar 22
First Seen
465d ago
Jun 17
Last Seen
13d ago
12
Reports
source reports
99%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

59 techniques

Feed Intelligence Summary

12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
abuseactive scanactive scanningaffiliate programakiraakira ransomwarealienvault_ransomwareanydeskasiabad reputationblackcatbotnetbotnet activitybritish indian ocean territorybrute forcebrute force attackbrute force attacksbyovdcalls-wmicartelcobalt strikecobalt strike frameworkcommand and controlcommunication protocolcompromised credentialsconsumer goodsconticredential accesscredential harvestingcredential stuffingdata breachdata encryptiondata exfiltrationdata leakagedata store exposuredata theftdetect-debug-environmentdevmandistributed attacksdouble extortiondragon forcedragonforcedragonforce ransomwaredriver exploitationencryptionendclient ratesxieuropeexeexecutable fileexploitation activityextortionfantasy hufilefile-hashfilehash md5filehash sha1filehash sha256ftp brute forceglobalgod ratgootloaderhttphttp probinghttp scannerhuntersidentity & access exploitationindiaindicatoringress tool transferinjection activityinsurance carriers and related activitiesisraellapsuslinuxlockbitlong-sleepsmalmalaysiamalicious softwaremalwaremalware developmentmamonamarksmegamulti-extortionmultiple threat actorsnetwork scanningoperating systemoverlaypassword attackspayloadpeexeperuphishingphishing attackprivilege escalationprocess injectionqilinraasraas groupraas modelransomransomhubransomwareransomware deploymentransomware multi-extortion attackreconnaissanceremote accessremote servicesrentdrv2.sysresearchedretail traderoyalsaudi arabiascattered spidersecurity evasionsecurity software evasionshinyhunterssmtp probingsocial engineeringsouth americaspencerspiderssh attacksystem disruptionsystembcsystembc malwaret1003t1005t1020t1021t1021.001t1027t1046t1053t1055t1059t1059.001t1068t1069.001t1070t1071t1071.001t1076t1078t1078.003t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204t1213t1486t1489t1490t1491t1495.001t1496t1499.002t1499.003t1530t1547t1547.001t1555t1562t1562.004t1563t1565t1566t1566.001t1566.002t1566.003t1567t1569t1569.002t1573t1595t1595.001t1595.002t1595.003threat actortor nodetrojan malwaretruesight.sysunited kingdomunknown malware distributionvulnerability scanvulnerable driver exploitationweb crawlerweb trafficwhite-labelwhite-label ransomwarewin32 malwarewindowswindows malwareyara

Activity Timeline

1 total obs
Jun 17Jun 17

Threat Activity Heatmap

· Peak: 2026-06-17
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
99
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenMar 22, 2025
Last seenJun 17, 2026

VirusTotal

Not checked

WHOIS

description
PE32 executable (GUI) Intel 80386, for MS Windows
references
https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate/, https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists, https://medium.com/s2wblog/detailed-analysis-of-dragonforce-ransomware-25d1a91a4509, Book2.csv, https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate/?utm_source=bleepingcomputer&utm_medium=referral&utm_campaign=bleepingcomputer-fy25-q4-mixed-amer-nam-en-ba-q4brandq4trudba-x-bleepingcomputer-a, Nov.Week1.pdf, IOC.pdf

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 12 threat reports