ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546.

Database Entry


IOC ID: 1767066
IOC: b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546
IOC Type: sha256_hash
Threat Type: payload
Malware: BEARDSHELL
Confidence Level: High (85%)
Is compromised?: False
First seen: 2026-03-15 16:31:27 UTC
Last seen: never
UUID: dd052c9e-2086-11f1-9af6-42010aa4000a
Reporter: Lenard
Reward: 5 credits from ThreatFox
Tags: APT28, BeardShell, CVE-2026-21509, CVE-2026-21514, GRU, Sednit
Reference: https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/02/kpmg-ctip-apt-28-17-feb-2026.pdf

Lenard
APT28 weaponized RTF documents exploiting CVE-2026-21509 and CVE-2026-21514. Ukrainian-themed lures delivering SimpleLoader+BeardShell.