s2
--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

MB-071cae0d46c2d4ca75870d6f4efb8e3122ed8d3dc9bf33366019f7d6652ff94c high

📛 Threat Title

Unknown: 071cae0d46c2d4ca75870d6f4efb8e3122ed8d3dc9bf33366019f7d6652ff94c

Category: Unknown Published: Source updated: First seen: Last updated: Source: Abuse.ch

Description

File type: lnk. Size: 56579 bytes. Tags: Kimsuky, lnk, orange-bizarre-lynx-526-mypinata-cloud, uni-site-je--mort-php. Reporter: JAMESWT_WT. First seen: 2026-06-16 10:47:32.

Remediations (10)

  • Secure Boot Certificate Update - Making It Happen with Intune ...
    web:blog.mindcore.dk

    Step‑by‑step guide to automating the Windows Secure Boot certificate update using Microsoft Intune remediations , including fallback logic, telemetry requirements, and real‑world results.

  • SupportArticles-docs/support/mem/intune/app-management/app-install ...
    web:github.com

    A public version to sync with SupportArticles-docs-pr - MicrosoftDocs/SupportArticles-docs

  • Account Unknown (S-1-15-3-65536-1888954469-739942743-1668119174 ...
    web:learn.microsoft.com

    So recently I updated Windows 11 to its latest 22H2 Version. I noticed that in the properties section of my C Drive, also in the security tab there is a user named "Account Unknown (S-1-15-3-65536-1888954469-739942743-1668119174-2468466756-4239452838-1296943325-355587736-700089176) Now, my question is, is this user is associated with current version of windows? Because if I want to delete it ...

  • Tax Resolution IRS Phone Calls Scam: Why That "Press 2" Voicemail Is So ...
    web:malwaretips.com

    Scam Overview What the "Tax Resolution Team" scam is, in plain English This scam is a fraudulent phone outreach campaign where callers, robocalls, or voicemails claim to represent a "tax resolution team," "IRS resolution department," "tax debt relief unit," or a similarly named group. They suggest you've been "flagged," "marked," or "selected" for special IRS ...

  • Monitoring Secure Boot certificate status with Microsoft Intune ...
    web:support.microsoft.com

    The detection script collects Secure Boot and certificate status from each device and reports it back to the Intune portal — no remediation action is taken on devices. This gives administrators a centralized, exportable view of certificate update progress across their Intune enrolled Windows devices. Why use this approach?

  • Windows BitLocker zero-day gives access to protected drives, PoC released
    web:www.bleepingcomputer.com

    A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a ...

  • Microsoft Office CVE-2026-21509 Zero-Day: Emergency Patch Released to ...
    web:www.rescana.com

    Given the active exploitation and the high impact potential, urgent remediation is required for all organizations utilizing affected Microsoft Office products. This advisory provides a comprehensive technical breakdown, exploitation context, and actionable mitigation guidance to help organizations defend against this evolving threat.

  • Truecaller - Identify Unknown Callers & Block Spam Calls
    web:www.truecaller.com

    Truecaller helps you identify unknown numbers, block spam calls and messages, and stay protected from fraud. Trusted by millions for smarter, safer communication.

  • How to Allow App From Unknown Publisher to Run in Windows 10/11
    web:www.windowsdigitals.com

    Can't install or run an app from unknown publisher? Here's how to allow unknown publisher in Windows 11/10, and how to disable the warning.

  • Windows 11 Account Unknown S-1-15-3 or S-1-5-21?
    web:www.windowsdigitals.com

    If you come across "Account Unknown " with a SID like S-1-15-3 or S-1-5-21 in the folder or drive properties, here's what you need to know.

Indicators of Compromise (3)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal. Click one to expand.

hash_sha256 071cae0d46c2d4ca75870d6f4efb8e3122ed8d3dc9bf33366019f7d6652ff94c

IOC database

Type
hash_sha256
Value
071cae0d46c2d4ca75870d6f4efb8e3122ed8d3dc9bf33366019f7d6652ff94c
First seen
Last seen
Attached to this threat
Appears in
1 threat
Description
Unknown

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.

hash_sha1 19ad0688d549ebe3e2b4a5255759c1543334d682

IOC database

Type
hash_sha1
Value
19ad0688d549ebe3e2b4a5255759c1543334d682
First seen
Last seen
Attached to this threat
Appears in
1 threat

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.

hash_md5 a3a9e71729ca040aba3a28521bf0ead1

IOC database

Type
hash_md5
Value
a3a9e71729ca040aba3a28521bf0ead1
First seen
Last seen
Attached to this threat
Appears in
1 threat

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.

References (1)

  • MalwareBazaar sample page Abuse.ch

    File type: lnk. Size: 56579 bytes. Tags: Kimsuky, lnk, orange-bizarre-lynx-526-mypinata-cloud, uni-site-je--mort-php. Reporter: JAMESWT_WT. First seen: 2026-06-16 10:47:32.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.