MD5 · Medium · Signal 99/100
e4a4fc96188310b7b07e7c0525b5c0aa
Location
First Seen
Nov 19, 2024
Last Seen
Jun 17, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
12 reports · 99% confidence
12
Source reports
99%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
99
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seen: Nov 19, 2024
Last seen: Jun 17, 2026
VirusTotal
Not checked
WHOIS
References
- https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists
- IOC.pdf
- https://www.bitdefender.com/en-us/blog/businessinsights/dragonforce-ransomware-cartel
- https://bazaar.abuse.ch/export/csv/recent/
IOC Journey
medium · First detected 1 year ago · Last seen 16 days ago
Appeared in 12 threat reports