ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash 0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e.

Database Entry


IOC ID: 1767064
IOC: 0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e
IOC Type: sha256_hash
Threat Type: payload
Malware: BEARDSHELL
Confidence Level: Confidence level is high (90%)
Is compromised?: False
First seen: 2026-03-15 16:31:28 UTC
Last seen: never
UUID: dbb4c290-2086-11f1-9af6-42010aa4000a
Reporter: Lenard
Reward: 5 credits from ThreatFox
Tags: APT28 BeardShell GRU Sednit SimpleLoader
Reference: https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/02/kpmg-ctip-apt-28-17-feb-2026.pdf

Lenard
APT28 SimpleLoader DLL variant - first-stage loader for BeardShell backdoor. Exports: UIClassRegister, hXts. Module name: SimpleDropper.dll. Same compilation timestamp as 0bb0d540 but different code/payload.