IOC Radar
MD5 · Medium · Signal 98/100

b15a8047abd9a3af013cf6c77ce15acf

Location
Canada
First Seen
Jan 21, 2024 (881d ago)
Last Seen
May 23, 2026 (28d ago)
Reports
10
Confidence
98% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

46 techniques

Feed Intelligence Summary

10 reports · 98% confidence
Category tags
abuse, academic institutions, bad reputation, bitcoin, blockchain, botnet, botnet activity, brute force, canada, civil services, command and control, commodity contracts intermediation, credential access, credential stuffing, crypto exchange, crypto mining, crypto wallet, cryptocurrency, cyber extortion, data breach, data encryption, data exfiltration, data store exposure, data theft, decentralized finance, decrypt, digital currency, direc, distributed attacks, dragon, dragon raas, dragon ransom, dragon team, education, educational resources, educational services, educational technology, encdec, encrypt, encryption, europe, executable file, exploitation activity, extortion, file-hash, france, germany, ghostlocker, ghostsec, government technology, higher education, identity & access exploitation, in the wild, index, india, indicator, initial access, injection activity, iran, islamic republic of, israel, italy, k-12 education, key1, lateral movement, malicious software, malware, mcrypt, mthd, multiple, netherlands, openssl, php, php backdoor, php webshell, pro-russian, pro-russian group, pro-russian hacktivism, pro-russian hacktivist, process injection, public administration, public infrastructure, public policy, python, raas, raas model, ransomware, regulatory agencies, researched, russian federation, scripting language, siegedsec, source, stormcry, stormcry ransomware, stormous, system disruption, t1003, t1027, t1027.001, t1027.002, t1027.003, t1055, t1059, t1059.001, t1059.004, t1059.007, t1068, t1071, t1071.001, t1071.004, t1078, t1078.002, t1102, t1105, t1110, t1133, t1140, t1189, t1190, t1204, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1505, t1505.003, t1530, t1547, t1547.001, t1564, t1565, t1566, t1567, t1573, t1573.001, t1583.001, t1588, t1588.002, t1592.002, t1595.002, team, the five families, threat actor, threat actor: dragon, threat actor: stormous, tor node, ukraine, ukraine conflict, united, web application exploitation, web development, webshell, webshell deployment, yemen

Activity Timeline

1 total obs · May 23

Threat Activity Heatmap

Peak: 2026-05-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk

VirusTotal

Not checked

WHOIS

description
PHP script, Unicode text, UTF-8 text, with CRLF line terminators
references
https://www.sentinelone.com/blog/dragon-raas-pro-russian-hacktivist-group-aims-to-build-on-the-five-families-cybercrime-reputation/, Stormous(1)(1).php, https://raw.githubusercontent.com/CyberThreatIntelligenceENTEL/malware-IoC/main/02.-Ransomware/Stormous%20Ransomware/26042022.txt

IOC Journey

medium
First detected 2 years ago · Last seen 28 days ago
Appeared in 10 threat reports