Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Indicator of Compromise

4a927d031919fd6bd88d3c8a917214b54bca00f8ddc80ecfe4d230663dda7465

SHA-256 hash Seen in 1 report Watch this →

A SHA-256 file hash identifying a specific malicious sample. Match it against files on disk or in your EDR.

Included in the Hashes feed (live, machine-readable).

Related indicators

Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.

206[.]189[.]27[.]39 57b3188e24782c27fdf72493ce599537efd3187d03b80f8afe733c72d68c5517 710a9d2653c8bd3689e451778dab9daec0de4c4c75f900788ccf23ef254b122a b4592cea69699b2c0737d4e19cff7dca17b5baf5a238cd6da950a37e9986f216 bdd5da81ac34d9faa2a5118d4ed8f492239734be02146cd24a0e34270a48a455 CVE-2025-33073 CVE-2025-53521 hxxp://206[.]189[.]27[.]39:8888/5hxxps://my[.]f5[.]com/manage/s/article/K000156741hxxps://www[.]darktrace[.]com/blog/darktraces-view-on-operation-lunar-peek-exploitation-of-palo-alto-firewall-devices-cve-2024-2012-and-2024-9474my[.]f5[.]comwww[.]darktrace[.]com