IOC Radar
MD5 · Medium · Signal 99/100

e4a4fc96188310b7b07e7c0525b5c0aa

Location: Saudi Arabia
First Seen: Nov 19, 2024 (591d ago)
Last Seen: Jun 17, 2026 (16d ago)
Reports: 12 source reports
Confidence: 99% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

110 techniques

Feed Intelligence Summary

Source reports: 12
Confidence score: 99%
Category tags

Activity Timeline

1 total obs
Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 12
First seen: Nov 19, 2024
Last seen: Jun 17, 2026

VirusTotal

Not checked

WHOIS

references
https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists
IOC.pdf
https://www.bitdefender.com/en-us/blog/businessinsights/dragonforce-ransomware-cartel
https://bazaar.abuse.ch/export/csv/recent/


IOC Journey

medium
First detected 1 year ago · Last seen 16 days ago
Appeared in 12 threat reports