ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash 9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8.

Database Entry


IOC ID: 1767067
IOC: 9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8
IOC Type: sha256_hash
Threat Type: payload
Malware: BEARDSHELL
Confidence Level: Confidence level is high (85%)
Is compromised?: False
First seen: 2026-03-15 16:31:27 UTC
Last seen: never
UUID: dd1d6499-2086-11f1-9af6-42010aa4000a
Reporter: Lenard
Reward: 5 credits from ThreatFox
Tags: APT28 BeardShell CVE-2026-21509 CVE-2026-21514 GRU Sednit
Reference: https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/02/kpmg-ctip-apt-28-17-feb-2026.pdf

Lenard
APT28 weaponized RTF documents exploiting CVE-2026-21509 and CVE-2026-21514. Ukrainian-themed lures delivering SimpleLoader+BeardShell.