ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash 8c1dc9732884c6078b23953b78314a8d0d8b8d9fe42e5f97a7cd09b8ace943a9.

Database Entry


IOC ID: 1767063
IOC: 8c1dc9732884c6078b23953b78314a8d0d8b8d9fe42e5f97a7cd09b8ace943a9
IOC Type: sha256_hash
Threat Type: payload
Malware: BEARDSHELL
Confidence Level: Confidence level is high (90%)
Is compromised?: False
First seen: 2026-03-15 16:31:29 UTC
Last seen: never
UUID: db27df80-2086-11f1-9af6-42010aa4000a
Reporter: Lenard
Reward: 5 credits from ThreatFox
Tags: APT28, BeardShell, GRU, Sednit, SimpleLoader
Reference: https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/02/kpmg-ctip-apt-28-17-feb-2026.pdf

Lenard
APT28 SimpleLoader DLL variant - first-stage loader for BeardShell backdoor. Exports: UIClassRegister, hXts. Module name: SimpleDropper.dll. Same compilation timestamp as 0bb0d540 but different code/payload.