MD5HighVerifiedSignal 92/100
2ae6b5f628012497db874ffefed17f06
First Seen
May 12, 2026
Last Seen
Jun 10, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports92% confidence
4
Source reports
92%
Confidence score
Category tags
arctic wolfchromechromestealerekz infostealerendpoint exploitationexploitation activityfile-hashfirefoxforticlient emsgenerichttphttp postindicatorinfostealeripv62a03ipv62a12linuxnoteopencti_label forticlientopencti_label forticlient emsosintpowershellremote accessresearchedt1012t1027t1041t1055t1055.012t1057t1070t1070.004t1083t1190t1497t1497.003t1555t1555.003vpn configuration abusewolf
Activity Timeline
Jun 10Jun 10
Threat Activity Heatmap
· Peak: 2026-06-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
4
Reports
First seenMay 12, 2026
Last seenJun 10, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- MD5 of 2f25ea1b622abf3212141af932c2ec4cbd6b2b5903c2a531121f691227d98cff
- references
- https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch, IOCs-MAY4.csv, https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 1 month ago · Last seen 5 days ago
Appeared in 4 threat reports