← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - VECT: Ransomware by design, Wiper by accident
WHITE celestre 2026-04-29 Modified: 2026-04-29
14
IOCs
MEDIUM VOLUME
VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks in March 2026. These attacks injected malware into popular software packages such as Trivy, Checkmarx’ KICS, LiteLLM and Telnyx, affecting a large base of downstream consumers. Shortly after these attacks made headlines, VECT made a post on BreachForums, announcing their partnership with TeamPCP, with the goal to exploit the companies affected by those supply chain attacks.
windowsesxilinux
Indicators of Compromise (14)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 207b1a60f803d348c795d382f5aed9c3 MD5 of 8ee4ec425bc0d8db050d13bbff98f483fff020050d49f40c5055ca2b9f6b1c4d 2026-04-29
FileHash-MD5 4cc6e614e0b766ced936a7e44976f10a MD5 of e1fc59c7ece6e9a7fb262fc8529e3c4905503a1ca44630f9724b2ccc518d0c06 2026-04-29
FileHash-MD5 7f6670a37338ffcaa61578e24164c540 MD5 of 58e17dd61d4d55fa77c7f2dd28dd51875b0ce900c1e43b368b349e65f27d6fdd 2026-04-29
FileHash-MD5 aa72609186042f1d7d01ce070306a9f2 MD5 of e512d22d2bd989f35ebaccb63615434870dc0642b0f60e6d4bda0bb89adee27a 2026-04-29
FileHash-SHA1 e27f4feffc1ba6bf4e35aec4a5270fccb636e5cf SHA1 of e512d22d2bd989f35ebaccb63615434870dc0642b0f60e6d4bda0bb89adee27a 2026-04-29
FileHash-SHA1 ecba8e27fe57953fa43818f141cee17db4ba6a07 SHA1 of e1fc59c7ece6e9a7fb262fc8529e3c4905503a1ca44630f9724b2ccc518d0c06 2026-04-29
FileHash-SHA1 f4b904fb6ba8474cb87f26302b74c4b82c106003 SHA1 of 8ee4ec425bc0d8db050d13bbff98f483fff020050d49f40c5055ca2b9f6b1c4d 2026-04-29
FileHash-SHA1 fe65bd9073617752460ac3419881c67848381fa3 SHA1 of 58e17dd61d4d55fa77c7f2dd28dd51875b0ce900c1e43b368b349e65f27d6fdd 2026-04-29
FileHash-SHA256 58e17dd61d4d55fa77c7f2dd28dd51875b0ce900c1e43b368b349e65f27d6fdd 2026-04-29
FileHash-SHA256 8ee4ec425bc0d8db050d13bbff98f483fff020050d49f40c5055ca2b9f6b1c4d 2026-04-29
FileHash-SHA256 9c745f95a09b37bc0486bf0f92aad4a3d5548a939c086b93d6235d34648e683f 2026-04-29
FileHash-SHA256 a7eadcf81dd6fda0dd6affefaffcb33b1d8f64ddec6e5a1772d028ef2a7da0f2 2026-04-29
FileHash-SHA256 e1fc59c7ece6e9a7fb262fc8529e3c4905503a1ca44630f9724b2ccc518d0c06 2026-04-29
FileHash-SHA256 e512d22d2bd989f35ebaccb63615434870dc0642b0f60e6d4bda0bb89adee27a 2026-04-29
References (1)
↗ https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/