IOC Radar
MD5 · High · Verified · Signal 98/100

23ca4ab1518ff76f5037ea12f367a469

Location: Singapore
First Seen: Jul 9, 2024 (706d ago)
Last Seen: Apr 4, 2026 (72d ago)
Reports: 7 source reports
Confidence: 98% (high)
Found in 7 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 98%
Signal Score: 98 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 74 techniques
Feed Intelligence Summary

Source reports: 7
Confidence score: 98%
Category tags

Activity Timeline
1 total observation · Apr 4

Threat Activity Heatmap · Peak: 2026-04-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) signifies a critical threat, directly associated with a highly active and dangerous botnet infrastructure. With a high threat score of 97.99, this IOC points towards potential system compromise, possibly involving the notorious Zergeca and Mirai botnets, alongside various other potent malware families like Salat and Tofsee. If left unaddressed, its presence within an organizational environment could lead to severe consequences, including distributed denial-of-s…

Threat Score: High Risk
Signal Score: 98
Confidence: 98%
Reports: 7
First seen: Jul 9, 2024
Last seen: Apr 4, 2026
Verified IOC

VirusTotal: Not checked

IOC Journey (high)
First detected 1 year ago · Last seen 2 months ago
Appeared in 7 threat reports