Malicious SHA-256 file hash 1193dde1c831… (OffSeq Mirage)
OffSeq Mirage honeypot sensors observed this SHA-256 file hash 4 time(s) in attacker activity between 2026-06-28 and 2026-06-29. Observed technique: T1105 (Ingress Tool Transfer). File hashes fingerprint a specific malicious payload (a dropper, web shell, miner, or post-exploitation tool) that was staged or delivered during the attack. Match it against files in your environment and your EDR/AV and threat-intel feeds.
AI Analysis
Technical Summary
OffSeq Mirage honeypot sensors detected a malicious file with SHA-256 hash 1193dde1c831808bf6f2db6f5b850b846b8a7f870873ec3b8a347f21cc5d96e3 during attacker activity on 2026-06-28 and 2026-06-29. The file is linked to the ATT&CK technique T1105, which involves ingress tool transfer, suggesting the file was used to deliver or stage a malicious payload such as a dropper, web shell, miner, or post-exploitation tool. This hash serves as an IOC to identify this specific malicious payload in affected environments. There is no information on specific affected software versions or known active exploitation campaigns.
Potential Impact
The presence of this malicious file indicates potential compromise involving the transfer and execution of unauthorized tools or payloads within a network. Such payloads may enable attackers to establish persistence, escalate privileges, or conduct further malicious activities. However, no confirmed active exploitation or widespread impact has been reported at this time.
Mitigation Recommendations
No official patch or remediation is applicable as this is an indicator of compromise rather than a vulnerability. Security teams should use this SHA-256 hash to scan and detect the presence of this malicious file within their environments using EDR, AV, and threat intelligence feeds. If detected, incident response procedures should be followed to contain and remediate the infection. Continuous monitoring for ingress tool transfer activities (T1105) is recommended.
Indicators of Compromise
- hash: 1193dde1c831808bf6f2db6f5b850b846b8a7f870873ec3b8a347f21cc5d96e3
Malicious SHA-256 file hash 1193dde1c831… (OffSeq Mirage)
Description
OffSeq Mirage honeypot sensors observed this SHA-256 file hash 4 time(s) in attacker activity between 2026-06-28 and 2026-06-29. Observed technique: T1105 (Ingress Tool Transfer). File hashes fingerprint a specific malicious payload (a dropper, web shell, miner, or post-exploitation tool) that was staged or delivered during the attack. Match it against files in your environment and your EDR/AV and threat-intel feeds.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OffSeq Mirage honeypot sensors detected a malicious file with SHA-256 hash 1193dde1c831808bf6f2db6f5b850b846b8a7f870873ec3b8a347f21cc5d96e3 during attacker activity on 2026-06-28 and 2026-06-29. The file is linked to the ATT&CK technique T1105, which involves ingress tool transfer, suggesting the file was used to deliver or stage a malicious payload such as a dropper, web shell, miner, or post-exploitation tool. This hash serves as an IOC to identify this specific malicious payload in affected environments. There is no information on specific affected software versions or known active exploitation campaigns.
Potential Impact
The presence of this malicious file indicates potential compromise involving the transfer and execution of unauthorized tools or payloads within a network. Such payloads may enable attackers to establish persistence, escalate privileges, or conduct further malicious activities. However, no confirmed active exploitation or widespread impact has been reported at this time.
Mitigation Recommendations
No official patch or remediation is applicable as this is an indicator of compromise rather than a vulnerability. Security teams should use this SHA-256 hash to scan and detect the presence of this malicious file within their environments using EDR, AV, and threat intelligence feeds. If detected, incident response procedures should be followed to contain and remediate the infection. Continuous monitoring for ingress tool transfer activities (T1105) is recommended.
Technical Details
- Severity Source
- AI-assessed (no CVSS data)
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash1193dde1c831808bf6f2db6f5b850b846b8a7f870873ec3b8a347f21cc5d96e3 | OffSeq Mirage — a malicious file, observed 2026-06-28..2026-06-29, 2× |
Threat ID: 6a4258cb27e9c79719c65c36
Added to database: 06/29/2026, 11:36:43 UTC
Last enriched: 06/29/2026, 11:51:28 UTC
Last updated: 06/30/2026, 03:21:43 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.