MD5MediumSignal 96/100
2de27ca8d97124adaf604b18161a441e
First Seen
May 11, 2026
Last Seen
May 19, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports96% confidence
8
Source reports
96%
Confidence score
Category tags
abuseabuse_ch_hashadministrationalienvault_ransomwarebackdoorbackdoor/ratbad reputationbotnetbotnet activitybrute forcechecks-hostnamecpanel exploitationcpanel-pythoncredential harvestingcredential stuffingcredential theftdata exfiltrationdata store exposuredata theftdefensedetect-debug-environmentelfexecutable fileexploitation activityfile-hashfilemanager ratidentity & access exploitationindicatorinfectorjs codelinuxmalwaremrrot13opencti_label ssh keyspayloadphpphp backdoorransomwareresearchedself-deletesmica83southeast asiassh backdoort1005t1027t1041t1056.003t1059.004t1059.007t1070.006t1071.001t1078t1083t1098t1098.004t1119t1136t1136.003t1140t1190t1219t1505.003t1543.002t1552.001t1552.003t1567.002tokentor nodevulnerability scanwebshellwordpress targetingyara
Activity Timeline
May 19May 19
Threat Activity Heatmap
· Peak: 2026-05-19LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
96
SIGNAL
Signal Score
96%
Confidence
8
Reports
First seenMay 11, 2026
Last seenMay 19, 2026
VirusTotal
Not checked
WHOIS
- references
- https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment_cn/, IOCs.csv, https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 month ago · Last seen 24 days ago
Appeared in 8 threat reports