SHA1MediumSignal 63/100
4373d48e1474bd18ad77566c79a4288cd1b606a1
First Seen
May 12, 2026
Last Seen
May 18, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
3 reports63% confidence
3
Source reports
63%
Confidence score
Category tags
administrationbackdoorbackdoor/ratbotnetbotnet activitybrute forcecpanel exploitationcpanel-pythoncredential harvestingcredential stuffingcredential theftdata exfiltrationdata store exposuredata theftdefenseexecutable fileexploitation activityfile-hashfilemanager ratidentity & access exploitationindicatorinfectorjs codelinuxmalwaremrrot13opencti_label ssh keyspayloadphpphp backdoorransomwareresearchedsoutheast asiassh backdoort1005t1027t1041t1056.003t1059.004t1071.001t1098t1098.004t1119t1140t1190tokentor nodewebshellwordpress targetingyara
Activity Timeline
May 18May 18
Threat Activity Heatmap
· Peak: 2026-05-18LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
63
SIGNAL
Signal Score
63%
Confidence
3
Reports
First seenMay 12, 2026
Last seenMay 18, 2026
VirusTotal
Not checked
WHOIS
- description
- SHA1 of 02a5990b11293236e01f174f5999df20
- references
- https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment_cn/, IOCs.csv, https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 month ago · Last seen 24 days ago
Appeared in 3 threat reports