IOC Radar
SHA1 · High · Verified · Signal 27/100

1f72030aa638c2e99340b7ccfa07ee5c46dfc46b

Location: Russian Federation
First Seen: Mar 28, 2025
Last Seen: Sep 1, 2025
Reports: 5 source reports
Confidence: 27% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Indicator Type: SHA-1 Hash (SHA-1 file hash associated with malicious samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 27%
Signal Score: 27 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 72 techniques (listed as t-number tags under Category tags below)

Feed Intelligence Summary

Source reports: 5
Confidence score: 27%

Category tags: active scanning, aerospace & defense, apt group, arsenal, backdoor, backdoor installation, botnet, c&c, c&c communication, checks-user-input, civil services, command and control, command execution, credential access, darkwisep, darkwisp, darkwisp malware, data exfiltration, data theft, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, disease vector, distributed attacks, dive, encrypted communication, encrypthub, encrypthub malware, encrypthub stealer, europe/asia, exe, exploitation, file-hash, files, gamaredon group, github, government technology, indicator, infostealer, infrastructure acquisition reconnaissance, lateral movement, lolbins, lolbins usage, malicious powershell activity, malicious provisioning package, malicious provisioning packages, malicious software, malware, military operations, msc eviltwin, msc eviltwin technique, msc file exploitation, national security, network probing, operating system, overlay, payload delivery, peexe, peru, powershell execution, powershell scripting, process injection, public administration, public infrastructure, public policy, reconnaissance, regulatory agencies, related, remote access, remote code execution, remote services, researched, rhadamanthys stealer, russia, russian federation, scripting attacks, signed msi, silent prism, silent prism campaign, silentprism, silentprism backdoor, smica83, south america, stealc, stealc stealer, stealer, trojan spyware, trojanspy, water gamayun, win32 malware, windows malware, windows msc files, zero-day exploit, zero-day exploitation

ATT&CK technique tags (72): t1003, t1003.001, t1021, t1021.001, t1027, t1027.002, t1027.003, t1036, t1041, t1047, t1053, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.005, t1068, t1069.001, t1071, t1071.001, t1071.004, t1078, t1082, t1083, t1086, t1102, t1105, t1124, t1132, t1133, t1134, t1140, t1189, t1190, t1195, t1202, t1204, t1204.002, t1213, t1486, t1496, t1499.002, t1499.003, t1543, t1547, t1547.001, t1550.002, t1550.003, t1555, t1558, t1562.001, t1565, t1566, t1566.001, t1567, t1569.002, t1573, t1574.001, t1583.001, t1584.003, t1587.001, t1588, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598

Note: t1086 (PowerShell) is a retired ATT&CK technique ID; its current equivalent, t1059.001, is also present in the list, so the two entries describe the same behaviour. The tags are aggregated from all 5 source reports and mix campaign names (Water Gamayun, SilentPrism, EncryptHub), payload families (DarkWisp, Rhadamanthys, Stealc) and victim-sector labels; they are not all attributes of this one sample.

Activity Timeline: 1 total observation (Sep 1, 2025)

Threat Activity Heatmap · Peak: 2025-09-01
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: 27 / 100 (Low Risk) · Signal 27 · Confidence 27% · 5 reports · First seen Mar 28, 2025 · Last seen Sep 1, 2025
Verified IOC
VirusTotal: Not checked

Description: PE32 executable (GUI) Intel 80386, for MS Windows
References:
https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
https://bazaar.abuse.ch/export/csv/recent/
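The page asks the reader to verify before acting, and this record's VirusTotal field is "Not checked", so a local check is worth having. The script below is an added example written for this page, not the feed's or Trend Micro's tooling: it hashes candidate bytes, compares the digest with the SHA-1 above, parses just enough of the PE header to confirm the sample agrees with the "PE32 executable (GUI) Intel 80386" description, and emits the STIX 2.1 indicator pattern for the hash. The PE bytes it builds for the offline demo are constructed and are not a real sample; the header constants are the standard winnt.h values; the command-line directory sweep is an assumed usage, not something the page describes.

```python
"""Check candidate files against the SHA-1 IOC on this page (added example,
not the feed's own code). IOC_SHA1 and the file-type description come from
the page; the PE bytes built below are constructed so the script runs offline."""
import hashlib
import re
import struct
import sys
from pathlib import Path
from typing import Optional

IOC_SHA1 = "1f72030aa638c2e99340b7ccfa07ee5c46dfc46b"  # indicator from the page

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

# Standard PE header constants (winnt.h values) used to test the description.
IMAGE_FILE_MACHINE_I386 = 0x014C      # "Intel 80386"
PE32_MAGIC = 0x10B                    # "PE32" (PE32+ would be 0x20B)
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2       # "(GUI)"


def normalize_sha1(value: str) -> str:
    """Lower-case a SHA-1 hex digest; reject anything that is not 40 hex chars."""
    v = value.strip().lower()
    if not SHA1_RE.match(v):
        raise ValueError(f"not a SHA-1 hex digest: {value!r}")
    return v


def pe_summary(data: bytes) -> Optional[dict]:
    """Return machine/magic/subsystem of a PE image, or None if data is not PE.
    Only the three fields needed for the description check are parsed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte signature, 20-byte COFF header and Subsystem at optional+68.
    if e_lfanew + 4 + 20 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    (machine,) = struct.unpack_from("<H", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {"machine": machine, "magic": magic, "subsystem": subsystem}


def fits_description(summary: dict) -> bool:
    """True when the header agrees with 'PE32 executable (GUI) Intel 80386'."""
    return (summary["machine"] == IMAGE_FILE_MACHINE_I386
            and summary["magic"] == PE32_MAGIC
            and summary["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_GUI)


def stix_pattern(sha1: str) -> str:
    """STIX 2.1 indicator pattern for a SHA-1 file hash."""
    return f"[file:hashes.'SHA-1' = '{normalize_sha1(sha1)}']"


def assess(data: bytes, ioc_sha1: str = IOC_SHA1) -> dict:
    """Exact hash match is the only positive hit; the PE check is a plausibility
    filter for candidates that do not match (e.g. a rebuilt or padded sample)."""
    digest = hashlib.sha1(data).hexdigest()
    summary = pe_summary(data)
    return {
        "sha1": digest,
        "ioc_match": digest == normalize_sha1(ioc_sha1),
        "is_pe": summary is not None,
        "fits_description": summary is not None and fits_description(summary),
    }


def build_sample_pe32(subsystem: int = IMAGE_SUBSYSTEM_WINDOWS_GUI) -> bytes:
    """Constructed minimal PE32 header for the offline demo; not a real sample
    and not executable. Only the fields pe_summary() reads are populated."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #       NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # assumed usage: python check_ioc.py <directory-to-sweep>
        for p in Path(sys.argv[1]).rglob("*"):
            if p.is_file():
                r = assess(p.read_bytes())
                if r["ioc_match"] or r["fits_description"]:
                    print(p, r)
    else:
        print(assess(build_sample_pe32()))
        print(stix_pattern(IOC_SHA1))
```

Two caveats when using this: an exact SHA-1 is a brittle indicator, since any byte change (repacking, an appended overlay, a re-signed build) yields a different digest, so a non-match says nothing about a file's intent; and a header that fits "PE32 (GUI) Intel 80386" describes most 32-bit Windows GUI programs, so it only narrows candidates and is not evidence on its own. Cross-check the hash in the sources listed above (the Trend Micro Water Gamayun write-ups and the MalwareBazaar CSV export) before acting on it.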

Export & API: STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey: confidence high · first detected Mar 28, 2025 · last seen Sep 1, 2025 · appeared in 5 threat reports