PULSE NAME
Infected Hosts - MagicSword Analytics - Alerts Merged 03.06.26
WHITE Disable_Duck 2026-03-06 Modified: 2026-04-05
815
IOCs
HIGH VOLUME
Analytics from 2 infected hosts from MagicSword. Hosts are both pseudo clones (?) of a production device that connects to AHS/Covenant Health, UAlberta, Government of Alberta daily. FFSS ****** https://tria.ge/260306-2134tsfs3n <- Analytic Files & a few problem Files & 'secret files' only found in Triage VM. Did not include in pulse -> 9/10 *****************
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Protection"",""internal_name"":""MpSigStub.exe"",""file_description"":""Microsoft FileExplorer Ransomware Trojan Thimeda
Indicators of Compromise (52 / 815 total)