ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b.

Database Entry


IOC ID: 1767065
IOC: fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b
IOC Type: sha256_hash
Threat Type: payload
Malware: BEARDSHELL
Confidence Level: Confidence level is high (85%)
Is compromised?: False
First seen: 2026-03-15 16:31:28 UTC
Last seen: never
UUID: dceedef1-2086-11f1-9af6-42010aa4000a
Reporter: Lenard
Reward: 5 credits from ThreatFox
Tags: APT28 BeardShell CVE-2026-21509 CVE-2026-21514 GRU Sednit
Reference: https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/02/kpmg-ctip-apt-28-17-feb-2026.pdf

Lenard
APT28 weaponized RTF documents exploiting CVE-2026-21509 and CVE-2026-21514. Ukrainian-themed lures delivering SimpleLoader+BeardShell.