MD5 · High · Verified · Signal 80/100
0ae9e38912ff6bd742a1b9e5c003576a
First Seen
Jul 2, 2023
Last Seen
Feb 20, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
4 reports · 80% confidence
Category tags
.cc domain, abuse elevation, access token, account compromise, account discovery, account profiling, account takeover, active scanning, analysis ob0001, analysis ob0002, ascii text, black basta, black-basta, botnet, botnet activity, brute force, catalog tree, cjutxgcnmicrosoft ecc, command, command and control, contacted urls, control ta0011, cova, cova cryptbot, credential access, credentials, cryptbot, cus subject, data exfiltration, data oc0004, defense evasion, denial of service, distributed attacks, dns, error https, evasion ta0005, exchange meta, file-hash, follow bot activity, gecko, get http, get https, google tag, html document, html internet, icmp, iframe tags, impact ta0040, indicator, khtml, learn, local account, make, malicious software, malware, network probing, number, ob0007 impact, ob0012 file, omicrosoft c, open threat, password, password store, post https, process injection, process oc0003, reconnaissance, request, researched, resolved ips, script tags, server ca, setgid, setuid, social media attack, social media manipulation, stealer, stwa lredmond, system oc0001, t1005, t1007, t1027, t1055, t1056, t1057, t1059, t1068, t1071, t1071.001, t1078, t1082, t1087, t1098, t1105, t1110, t1134, t1189, t1190, t1201, t1204, t1219, t1486, t1496, t1499, t1499.002, t1499.003, t1547, t1548, t1552, t1555, t1565, t1566, t1567, t1573, t1583, t1583.001, t1588.002, t1589, t1595, t1595.001, t1595.002, t1595.003, t1650, ta0004 defense, ta0009 command, tags twitter, tcnicas, twitter, update secure, windows nt
Activity Timeline
Peak: 2026-02-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 80 (High Risk)
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- Surprised: Follow bot account affects threat researcher(s) account(s). % path, attempts DoS. Threatening account name. (00285c99b52d41679b1aa3b8a80895b037df8a7500f4ad97ce06068eac4a95b7 | = follow) || {2025-05-20_bf3a6ba6e3421a7214ffbfe97642a578_amadey_black-basta_cova_cryptbot_elex_luca-stealer FastCopy5.9.0.exe} ET DNS Query for .cc PROTOCOL-ICMP PATH MTU denial of service attempt PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set
IOC Journey
high · First detected 2 years ago · Last seen 3 months ago
Appeared in 4 threat reports