IOC Radar
SHA1 · Medium · Signal 98/100

aa62afd6a48d3c42ed66d4f5b9189be847ec055b

Location
Ukraine
First Seen
Jan 21, 2024 (892d ago)
Last Seen
Jun 18, 2026 (13d ago)
Reports
11 source reports
Confidence
98% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

19 techniques

Feed Intelligence Summary

11 source reports · 98% confidence score
Category tags
academic institutions, bitcoin, blockchain, brute force, civil services, commodity contracts intermediation, credential access, credential stuffing, crypto exchange, crypto mining, crypto wallet, cryptocurrency, cyber extortion, data breach, data encryption, data store exposure, decentralized finance, digital currency, dragon, dragon raas, dragon ransom, dragon team, education, educational resources, educational services, educational technology, encryption, europe, executable file, exploitation activity, extortion, file-hash, ghostlocker, ghostsec, government technology, higher education, identity & access exploitation, indicator, k-12 education, malware, openssl, php, php webshell, pro-russian, pro-russian hacktivism, public administration, public infrastructure, public policy, python, raas model, ransomware, regulatory agencies, researched, scripting language, siegedsec, source, stormcry, stormous, system disruption, t1027, t1059, t1059.001, t1059.007, t1071, t1078, t1102, t1110, t1140, t1190, t1486, t1490, t1505, t1505.003, t1564, t1566, t1567, t1573.001, t1588, team, the five families, threat actor, threat actor: dragon, threat actor: stormous, tor node, ukraine, united, web application exploitation, web development, webshell

Activity Timeline

1 total obs
Jun 18

Threat Activity Heatmap

Peak: 2026-06-18
Observations by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: High Risk

VirusTotal

Not checked

WHOIS

description
PHP script, Unicode text, UTF-8 text, with CRLF line terminators
references
https://www.sentinelone.com/blog/dragon-raas-pro-russian-hacktivist-group-aims-to-build-on-the-five-families-cybercrime-reputation/, https://raw.githubusercontent.com/CyberThreatIntelligenceENTEL/malware-IoC/main/02.-Ransomware/Stormous%20Ransomware/26042022.txt


IOC Journey

medium
First detected 2 years ago · Last seen 13 days ago
Appeared in 11 threat reports