MD5 · Medium · Signal 97/100
03af2bf85923ce0fda7c20f8f82839c9
First Seen
Aug 8, 2025
Last Seen
Apr 16, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 97%
Signal Score: 97 / 100
IDS Rule: No
Feed Intelligence Summary: 10 source reports · 97% confidence score
Category tags
Activity Timeline: Apr 16
Threat Activity Heatmap · Peak: 2026-04-16
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 97
Confidence: 97%
Reports: 10
First seen: Aug 8, 2025
Last seen: Apr 16, 2026
VirusTotal: Not checked
WHOIS
- description: MD5 of 54547180a99474b0dba289d92c4a8f3eea78b531
- references:
  - https://news.sophos.com/en-us/2025/08/06/shared-secret-edr-killer-in-the-kill-chain/
  - https://www.security.com/threat-intelligence/medusa-ransomware-attacks
  - Cyber Threat Advisory - EDR-Killer Tools Aid Ransomware Attacks.pdf
IOC Journey
Medium confidence · First detected 10 months ago · Last seen 2 months ago
Appeared in 10 threat reports