Indicator of Compromise
Medium File Hash (SHA256) Active
Value
978a54a42629e0d19ef41bd5db7e560d618e1fdcc8e77c14694642840dfad8a2
Association

Cobalt Strike

Tags
DLL Donut loader Trycloudflare XOR
Description

payload

First Seen

March 26, 2026 14:59

Last Seen

Unknown

Created

April 29, 2026 14:27

Last Updated

April 29, 2026 14:27

Additional Metadata 
{'anonymous': '0',
 'confidence_level': 50,
 'crawled_at': '2026-04-29T14:27:55.994910+00:00',
 'malware': 'win.cobalt_strike',
 'malware_alias': 'Agentemis,BEACON,CobaltStrike,cobeacon',
 'malware_printable': 'Cobalt Strike',
 'original_value': None,
 'reference': 'https://www.virustotal.com/gui/file/978a54a42629e0d19ef41bd5db7e560d618e1fdcc8e77c14694642840dfad8a2',
 'reporter': 'Lenny_3BO',
 'source': 'threatfox-abuse-ch',
 'tags': ['DLL', 'Donut', 'loader', 'Trycloudflare', 'XOR'],
 'threat_type': 'payload',
 'threatfox_id': '1776719'}
STIX Data 
{'description': 'payload',
 'external_references': [{'external_id': '1776719',
                          'source_name': 'threatfox-abuse-ch',
                          'url': 'https://threatfox.abuse.ch/ioc/1776719/'}],
 'id': 'indicator--1776719',
 'name': 'FILE_HASH_SHA256: '
         '978a54a42629e0d19ef41bd5db7e560d618e1fdcc8e77c14694642840dfad8a2',
 'pattern': '[FILE_HASH_SHA256:value = '
            "'978a54a42629e0d19ef41bd5db7e560d618e1fdcc8e77c14694642840dfad8a2']",
 'pattern_type': 'stix',
 'pattern_version': '2.1',
 'type': 'indicator',
 'valid_from': '2026-03-26 14:59:32',
 'valid_until': None}
Quick Actions
Edit IOC Update from Web
Back to IOCs
Dashboard About