SHA1HighVerifiedSignal 30/100
01735bb47a933ae9ec470e6be737d8f646a8ec66
Location
ChinaFirst Seen
Mar 14, 2025
Last Seen
Mar 24, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 reports30% confidence
5
Source reports
30%
Confidence score
Category tags
aerospace & defenseakiraasiaasyncratbackbackdoorbackdoorsbelarusbeyondbitcoinblockchainbodybotnetbusyboxchinachiselclick-based attackclustercobalt strikecode executioncode injectioncoldcommand and controlcommand executioncommentcommodity contracts intermediationcommunication technologiesconticorecrashcredential accesscredential harvestingcrypto exchangecrypto miningcrypto walletcryptocurrencycustom malwaredarkgatedarksidedata encryptiondata exfiltrationdcratdecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydeltadenial of servicedigital currencydistributed attacksdonedonutdropelevateencrypteuropeextortionfalsefigcaptionfigurefile-hashfirstformatfreebsdfreebsd shellgeminighostghosttowngobratgobrat orbgobratt orbgoogle threatgrepgtigimpactimpair defensesimportindicatorinfoinformation technologyingress tool transferinput validation bypassinstallit infrastructurejuniperjuniper malwarejuniper mxjuniper networksjuniper routersjunosjunos oskimsukylateral movementlaunchlauncherlinux malwareloaderlockbitlog disablinglogiclooplostmachomalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware implantmediamedusametasploitmiddlemilitary operationsmobilemobile carriersmobile networksmobile securitymonitoringnational securitynetwork attacksnetwork infrastructurenetwork intrusionnetwork monitoringnetwork protocolnextnirvananoescapeoutsidepath traversalphishingphishing attackpithookplaypoolratprocess injectionprotectpushpythonqakbotqilinransomhouseransomwarerapidreconremote accessreptileresearchedrogue threatrouter exploitroutersrubyrustschoolscripting attacksseaelfserviceshadowshellslovakiasmokeloadersocial engineeringsoftware developmentsoftware exploitationspanspawnstreamstringsstrongswiftsystem disruptiont1003t1005t1014t1018t1021t1021.004t1027t1027.001t1027.002t1036.004t1049t1053.005t1055t1059t1059.001t1059.004t1064t1068t1070.002t1070.004t1071t1071.001t1078t1078.002t1082t1083t1086t1090t1090.001t1090.003t1095t1102t1105t1110t1133t1136t1140t1190t1199t1203t1204t1204.001t1204.002t1486t1490t1496t1499.002t1499.003t1505.001t1505.003t1547t1547.001t1552.004t1553.006t1555t1562t1562.001t1565t1566t1566.001t1566.002t1566.003t1569.002t1571t1573.001targettbodytechtelecom servicestelecommunicationtelecommunicationstermthreat actor activitytinyshelltoolstracetronturlaukraineunauthorized devicesunc3886user executionveriexec bypassverifywarzoneweb application exploitationwhispergatewindows malwarewritezerozipline
Activity Timeline
Mar 24Mar 24
Threat Activity Heatmap
· Peak: 2026-03-24LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
5
Reports
First seenMar 14, 2025
Last seenMar 24, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- China-Nexus cyber espionage group, UNC3886, has deployed custom backdoors on Juniper Networks’ Junos OS routers, according to a new blog post by security firm Mandiant.
- references
- https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers, https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/, https://feeds.feedburner.com/threatintelligence/pvexyqv7v0v
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 1 year ago · Last seen 2 months ago
Appeared in 5 threat reports