MD5 · Medium · Signal 99/100
58008524a6473bdf86c1040a9a9e39c3
Location
First Seen
Mar 2, 2022
Last Seen
Jun 2, 2026
Found in 15 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
15 reports · 99% confidence
15
Source reports
99%
Confidence score
Category tags
.louis extension, abuse, account discovery, account profiling, account takeover, active related, active scan, active scanning, added active, adfind, ahnlab, ahnlab security, akira, alienvault_ransomware, asec, ashen lepus, asia, attack, autoit, automotive manufacturing, av killers, backdoor, bad reputation, banking, bert, bert ransomware, bitcoinaddress, bits, bjorka, blackbasta, botnet, botnet activity, brazil, browser exploitation, brute force, calls-wmi, center, checks-user-input, china, cloud, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, code, code execution, code injection, coinminer, command and control, command execution, communication protocol, conti, country, cn sep, credential access, credential dumping, credential harvesting, credential stuffing, credit card services, cross-platform ransomware, cryptocurrency, cyber threats, cybercrime forums, dark web, dark web activity, data breach, data breaches, data encryption, data exfiltration, data store exposure, database leak, database leaks, deep web, defense evasion, demo, desktop, detect-debug-environment, digital payments, distributed attacks, domain, download page, downloader, dropper, electronic health records, electronics manufacturing, encryption, esxi, eu cyber policies, europe, everest, everest ransomware, exfiltration, exploitation activity, extortion, file-hash, finance, finance and insurance, financial sector, financial services, financial technology, find, germany, guloader, hacking tools, havoc, health care and social assistance, health information technology, healthcare information systems, hospital management, http attack, http scanner, https, hybrid, identity & access exploitation, ie browser, india, indicator, indicators show, indonesia, industrial automation, industrial iot, industrial production, information security, information technology, infostealer, infrastructure acquisition, reconnaissance, ingress tool transfer, initial access, injection activity, input validation bypass, inside, ioc, iocs, iot security, ipv4, issues related, it infrastructure, lateral movement, lazagne, learn, learn more, linux, lokibot, long-sleeps, luca stealer, main page, makop, makop ransomware, malicious activity, malicious download, malicious links, malicious powershell activity, malicious software, malware, malware delivery, malware distribution, malware infections, manufacturing technology, masscan, medical services, medusalocker, multi-cloud management, netpass, netscan, network probing, network scanning, news, nlbrute, operating system, overlay, path, path traversal, patient care, payload delivery, payment processing, peexe, peru, phishing, phishing attack, phishing attacks, phobos, powershell, privilege escalation, process injection, process manufacturing, protect, pulses, pulses url, python malware, qilin, qmark, quality control, quick heal, ransom demand, ransom demands, ransomhub, ransomware, ransomware activity, ransomware attacks, rdp exploitation, reconnaissance, regional security, related pulses, remote access, remote services, reports, researched, revil, rhysida, role title, scan, scanner, scanning activity, scripting attacks, search, service scan, small, social engineering, software development, software exploitation, south america, south korea, stop, summary, suomi, supply chain attack, supply chain management, svhost, system disruption, t1003, t1005, t1021, t1021.001, t1027, t1048, t1053, t1053.005, t1055, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.006, t1059.007, t1068, t1069.001, t1071, t1071.001, t1074, t1076, t1078, t1078.002, t1083, t1086, t1105, t1110, t1110.002, t1133, t1190, t1203, t1204.001, t1204.002, t1219, t1485, t1486, t1489, t1490, t1491.001, t1496, t1499.001, t1499.002, t1499.003, t1543.003, t1547, t1548, t1548.002, t1560, t1562, t1562.001, t1562.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1573, t1587.001, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, threat actor, title added, tool, tor node, trend micro, trend micro report, trend vision, type indicator, types, upx, veeam, vhash, via-tor, vision one, voice, vpn, vulnerability scan, wealth management, web application attack, web application exploitation, web attack, web exploitation, web security, web traffic, win32 malware, windows, windows malware, xloader, xmrig, xmrig coinminer, zdata0
Activity Timeline
Jun 2 to Jun 2
Threat Activity Heatmap
Peak: 2026-06-02
Activity counts: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), a highly suspicious file hash, represents a critical threat to organizational security. With a severe score of 99.37, its presence in the environment suggests a high likelihood of compromise by sophisticated adversaries. This IOC is directly linked to numerous aggressive ransomware groups, including BlackBasta, Babuk, Akira, Everest, Rhysida, Qilin, REvil, and Conti, as well as the advanced persistent threat group Roaming Mantis. Detection of this hash implies…
Threat Score: High Risk
99
SIGNAL
Signal Score
99%
Confidence
15
Reports
First seen: Mar 2, 2022
Last seen: Jun 2, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
- references
- https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses, https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html, https://asec.ahnlab.com/en/88936, https://www.group-ib.com/blog/estate-ransomware/, Book2.csv, Book1.csv, https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/, Julypt1.pdf, https://asec.ahnlab.com/en/88936/, https://labs.inquest.net/iocdb, https://asec.ahnlab.com/en/60845/, https://bazaar.abuse.ch/export/txt/sha256/recent/, https://bazaar.abuse.ch/export/txt/md5/recent/, https://bazaar.abuse.ch/export/txt/sha1/recent/, https://threatfox.abuse.ch/export/csv/sha256/recent/, https://threatfox.abuse.ch/export/csv/md5/recent/
IOC Journey
Medium · First detected 4 years ago · Last seen 27 days ago
Appeared in 15 threat reports