SHA256MediumSignal 99/100
d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7
Location
First Seen
Mar 22, 2025
Last Seen
Jun 17, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
abuseactive scanactive scanningaffiliate programakiraakira ransomwarealienvault_ransomwareanydeskasiabad reputationblackcatbotnetbotnet activitybritish indian ocean territorybrute forcebrute force attackbrute force attacksbyovdcalls-wmicartelcobalt strikecobalt strike frameworkcommand and controlcommunication protocolcompromised credentialsconsumer goodsconticredential accesscredential harvestingcredential stuffingdata breachdata encryptiondata exfiltrationdata leakagedata store exposuredata theftdetect-debug-environmentdevmandistributed attacksdouble extortiondragon forcedragonforcedragonforce ransomwaredriver exploitationencryptionendclient ratesxieuropeexeexecutable fileexploitation activityextortionfantasy hufilefile-hashfilehash md5filehash sha1filehash sha256ftp brute forceglobalgod ratgootloaderhttphttp probinghttp scannerhuntersidentity & access exploitationindiaindicatoringress tool transferinjection activityinsurance carriers and related activitiesisraellapsuslinuxlockbitlong-sleepsmalmalaysiamalicious softwaremalwaremalware developmentmamonamarksmegamulti-extortionmultiple threat actorsnetwork scanningoperating systemoverlaypassword attackspayloadpeexeperuphishingphishing attackprivilege escalationprocess injectionqilinraasraas groupraas modelransomransomhubransomwareransomware deploymentransomware multi-extortion attackreconnaissanceremote accessremote servicesrentdrv2.sysresearchedretail traderoyalsaudi arabiascattered spidersecurity evasionsecurity software evasionshinyhunterssmtp probingsocial engineeringsouth americaspencerspiderssh attacksystem disruptionsystembcsystembc malwaret1003t1005t1020t1021t1021.001t1027t1046t1053t1055t1059t1059.001t1068t1069.001t1070t1071t1071.001t1076t1078t1078.003t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204t1213t1486t1489t1490t1491t1495.001t1496t1499.002t1499.003t1530t1547t1547.001t1555t1562t1562.004t1563t1565t1566t1566.001t1566.002t1566.003t1567t1569t1569.002t1573t1595t1595.001t1595.002t1595.003threat actortor nodetrojan malwaretruesight.sysunited kingdomunknown malware distributionvulnerability scanvulnerable driver exploitationweb crawlerweb trafficwhite-labelwhite-label ransomwarewin32 malwarewindowswindows malwareyara
Activity Timeline
Jun 17Jun 17
Threat Activity Heatmap
· Peak: 2026-06-17LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
99
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenMar 22, 2025
Last seenJun 17, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (GUI) Intel 80386, for MS Windows
- references
- https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate/, https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists, https://medium.com/s2wblog/detailed-analysis-of-dragonforce-ransomware-25d1a91a4509, Book2.csv, https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate/?utm_source=bleepingcomputer&utm_medium=referral&utm_campaign=bleepingcomputer-fy25-q4-mixed-amer-nam-en-ba-q4brandq4trudba-x-bleepingcomputer-a, Nov.Week1.pdf, IOC.pdf
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 13 days ago
Appeared in 12 threat reports