IOC Radar
Indicator: 03af2bf85923ce0fda7c20f8f82839c9 (MD5)
Signal score: 97/100 · Confidence: 97% (tier: medium) · Reports: 10 source reports
Location: Peru
First seen: Aug 8, 2025 (326 days before page capture)
Last seen: Apr 16, 2026 (75 days before page capture)
Found in 10 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 97%
Signal Score: 97 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 85 techniques (the T-codes in the category tags below). Note that T1064, T1076, T1077 and T1086 are deprecated or revoked IDs in current ATT&CK (superseded by T1059, T1021.001, T1021.002 and T1059.001 respectively); map them before using the list in detection rules or coverage reports.

Feed Intelligence Summary
10 source reports · 97% confidence score

Category tags (as listed by the feed, alphabetical):
abuse, abysskiller, abyssworker, active scan, active scanning, akira, alienvault_ransomware, anti-analysis, anti-rootkit abuse, anti-virus evasion, antivirus bdapi, anydesk, appearance, arkanix stealer, asns, bad reputation, beyond, blackcat, blacksuit, botnet, botnet activity, brute force, byovd, checks-user-input, civil services, cobalt strike, code execution, code injection, command and control, command execution, communication protocol, credential access, credential stuffing, crytox, crytox incident, cyber threats, data, data encryption, data exfiltration, data store exposure, dead-av, defense evasion, defense evasion tools, digital signature, distributed attacks, dragonforce, driver, driver abuse, driver exploitation, driver manipulation, ebpf-based rootkits, edr, edr bypass, edr evasion, edr killer, edr killers, edr-freeze, edrsilencer, electronic health records, embargo, encryption, endpoint protection, endpoint protection bypass, eset, eset research, exploitation activity, explore by, extortion, figure, file-hash, filehash md5, filehash sha1, filehash sha256, finance, financial services, firmware update, footer, ftp, funksec ransomware, ghostdriver, github, github advanced, government technology, health care and social assistance, health information technology, healthcare information systems, hospital management, http scanner, https, hunter, identity & access exploitation, idle, impact, in the wild, inc, inc incident, indicator, indicators, indicators of compromise, indicatortype, infostealer, initial access, injection activity, iocs, iocs filename, iocs medusa, itm system, jameswt_wt, keep, kernel mode attacks, kernel module, killer, lateral movement, lockbit, lynx, lynx incident, malicious powershell activity, malicious software, malware, malware family: akira, malware family: lockbit, malware family: medusalocker, malware family: qilin, malware family: ransomhub, malware signing, manage, medical services, medusa, medusalocker, mobile, mobile security, monitoring, more, morte loader, msp compromise, msps, mustang panda, navicat, netscan, network iocs, network probing, network protocol, network scanning, operating system, operational disruption, packer, patient care, pdq deploy, pdq inventory, peexe, peru, phishing, pocs, power delivery, privilege escalation, privilege escalation tools, process injection, process killing, psexec, public administration, public infrastructure, public policy, qilin, qilin incident, raas, ransomhub, ransomware, ransomware affiliates, ransomware operations, rclone, reconnaissance, regulatory agencies, remote access, remote services, researched, rmm exploitation, rock, rootkit, rust, scripting attacks, security evasion, security operations, security product disablement, sednit, service, service stop, shell, small, software exploitation, software integrity, south america, spearwing, ssh attack, star, stop, strong, supply chain attack, susanoo, system, system disruption, system monitor, tfsysmon-killer, themida, they, threat actor, threat actor group, threat actor: warlock, threat intelligence, threat-sharing, tips, tor node, ttps, uab medusa, update siem, utility, view, vulnerability scan, vulnerable drivers, warlock, web traffic, win32 malware, win64vulndriver, windows, windows malware, write, zensec

ATT&CK technique IDs among the tags (85):
T1003, T1005, T1014, T1016, T1021, T1021.001, T1021.002, T1027, T1027.002, T1027.005, T1036, T1036.004, T1036.005, T1037, T1037.001, T1049, T1053.005, T1055, T1055.001, T1059, T1059.001, T1059.003, T1064, T1068, T1069.001, T1070, T1070.001, T1070.004, T1071, T1071.001, T1076, T1077, T1078, T1078.002, T1086, T1106, T1110, T1110.002, T1113, T1127, T1140, T1189, T1190, T1199, T1203, T1204, T1204.002, T1218, T1486, T1489, T1490, T1496, T1499.001, T1499.002, T1499.003, T1505, T1530, T1543, T1543.003, T1547.001, T1547.006, T1548.002, T1553, T1553.002, T1554.001, T1554.003, T1560, T1562, T1562.001, T1562.002, T1562.004, T1562.006, T1563, T1565, T1566, T1566.001, T1569, T1569.002, T1573.001, T1590, T1592, T1595, T1595.001, T1595.002, T1595.003

Activity Timeline
1 total observation (Apr 16, 2026) · Peak: 2026-04-16
Last 24h: 0 (dormant) · Last 7d: 0 (dormant) · Last 30d: 0 (dormant) · Last 3 months: 1 (minimal)
Threat Score: High Risk · Signal 97 · Confidence 97% · 10 reports · First seen Aug 8, 2025 · Last seen Apr 16, 2026

VirusTotal: Not checked

Feed attribute details
Description: MD5 of 54547180a99474b0dba289d92c4a8f3eea78b531 (i.e. this MD5 and that SHA-1 identify the same sample, per the feed description)
References:
- https://news.sophos.com/en-us/2025/08/06/shared-secret-edr-killer-in-the-kill-chain/
- https://www.security.com/threat-intelligence/medusa-ransomware-attacks
- Cyber Threat Advisory - EDR-Killer Tools Aid Ransomware Attacks.pdf
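The following Python script is an added example, not IOC Radar's own code or its export format: it shows how a practitioner would actually consume this attribute. It streams files once to compute MD5, SHA-1 and SHA-256 together, matches them against the MD5 on this page and the SHA-1 named in the feed description (treating a lone MD5 hit as weaker evidence than an MD5+SHA-1 hit, since MD5 collisions are practical), and builds the equivalent STIX 2.1 Indicator. The two hash values are the page's; the directory walk, the constructed sample files and the choice of the page's first-seen date as valid_from are assumptions of the example.

```python
"""Added example, not IOC Radar's own code: match files against the MD5/SHA-1
pair on this page and build the equivalent STIX 2.1 indicator."""
import hashlib
import json
import os
import uuid
from datetime import datetime, timezone

# Hashes taken from the page: the MD5 attribute and the SHA-1 named in its description.
IOC_MD5 = "03af2bf85923ce0fda7c20f8f82839c9"
IOC_SHA1 = "54547180a99474b0dba289d92c4a8f3eea78b531"
# Assumption: the page's first-seen date (Aug 8, 2025) is used as the indicator's valid_from.
IOC_FIRST_SEEN = "2025-08-08T00:00:00.000Z"


def file_hashes(path, chunk_size=1 << 20):
    """Read the file once and return its MD5, SHA-1 and SHA-256 hex digests."""
    digests = {"MD5": hashlib.md5(), "SHA-1": hashlib.sha1(), "SHA-256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_ioc(hashes, md5=IOC_MD5, sha1=IOC_SHA1):
    """Return the names of the feed hashes this file matched.

    Both matching is a confident hit. A lone MD5 match deserves a second look:
    MD5 collisions are practical, and the SHA-1 in the feed exists to corroborate it.
    """
    hits = []
    if hashes.get("MD5", "").lower() == md5.lower():
        hits.append("MD5")
    if hashes.get("SHA-1", "").lower() == sha1.lower():
        hits.append("SHA-1")
    return hits


def scan_tree(root, md5=IOC_MD5, sha1=IOC_SHA1):
    """Walk a directory and return {path: matched hash names} for every hit."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = match_ioc(file_hashes(path), md5, sha1)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
            if hits:
                results[path] = hits
    return results


def stix_pattern(md5=IOC_MD5, sha1=IOC_SHA1):
    """STIX 2.1 pattern for the sample; 'SHA-1' must be quoted because of the hyphen."""
    return f"[file:hashes.MD5 = '{md5}' OR file:hashes.'SHA-1' = '{sha1}']"


def stix_indicator(md5=IOC_MD5, sha1=IOC_SHA1, valid_from=IOC_FIRST_SEEN):
    """Build a STIX 2.1 Indicator SDO carrying the pattern above."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"MD5 {md5} (MISP category: Artifacts Dropped)",
        "indicator_types": ["malicious-activity"],
        "pattern": stix_pattern(md5, sha1),
        "pattern_type": "stix",
        "valid_from": valid_from,
    }


if __name__ == "__main__":
    import tempfile

    # Constructed sample files; neither is the real sample, so no hit is expected.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "a.bin"), "wb") as fh:
            fh.write(b"not the sample")
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "b.bin"), "wb") as fh:
            fh.write(b"")
        print("hits:", scan_tree(tmp))
    print(json.dumps(stix_indicator(), indent=2))
```

Point scan_tree at a suspect host's download or temp directories; a result that lists both "MD5" and "SHA-1" for a path is a confirmed match against this attribute, while "MD5" alone should be re-checked against the SHA-1 or SHA-256 from the referenced reports before an incident is declared.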


IOC Journey: medium confidence · first detected 10 months ago · last seen 2 months ago · appeared in 10 threat reports