IOC Radar
MD5MediumSignal 100/100

3049cc891cf3e98cbbe56fe91dcec5b5

Location
Saint Helena, Ascension and Tristan da CunhaSaint Helena, Ascension and Tristan da Cunha
First Seen
Jun 28, 2025
Last Seen
Jul 11, 2025
Jun 28
First Seen
356d ago
Jul 11
Last Seen
343d ago
8
Reports
source reports
99%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Feed Intelligence Summary

8 reports99% confidence
8
Source reports
99%
Confidence score
Category tags
abuse elevationaccessaccess tokenactive scanningbashbotnetbrute forcebrute force attackc2 communicationchecks-hostnamecommand and controlconnected devicescredential accesscredential stuffingdata exfiltrationddosdetect-debug-environmentdevice managementdistributed attackseuropefile-hashfilesgafgytgafgyt botnet activitygermanyindicatorindustrial iotinternet of thingsiot analyticsiot applicationsiot exploitationiot platformsiot securitymalicious softwaremalwaremirai variantnetwork scanningpassword attackspayload deliveryprocess injectionreconnaissanceremote accessresearchedrouter compromisesaint helena, ascension and tristan da cunhasakurascanning activityscriptsecurity camera compromiseself-deleteservice-scanshellsmart devicest1005t1016t1021t1027t1053t1055t1057t1059t1068t1071t1071.001t1078t1087t1098t1105t1110.001t1110.002t1110.003t1110.004t1134t1189t1190t1486t1496t1497t1499t1499.002t1499.003t1548t1565t1566t1595.001t1595.002t1595.003ta0001 initial

Activity Timeline

1 total obs
Jul 11Jul 11

Threat Activity Heatmap

· Peak: 2025-07-11
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC) represents a critical and immediate threat to organizational assets. With a perfect score of 100.0 and explicit links to the Gafgyt malware, this hash signifies a high probability of compromise by a sophisticated botnet operation. Gafgyt is notoriously used for large-scale Distributed Denial of Service (DDoS) attacks, IoT device exploitation, and credential brute-forcing, posing a significant risk of network disruption, data manipulation, and unauthorized acces…

Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
8
Reports
First seenJun 28, 2025
Last seenJul 11, 2025

VirusTotal

Not checked

WHOIS

description
Bourne-Again shell script, ASCII text executable
references
https://www.virustotal.com/graph/embed/g3c830464f4054d308cdd26031fec2712b9458c3fe51b40c58ed76a3541e95a10?theme=light, https://darfe.es/ciberwiki/index.php?title=Gafgyt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 11 months ago
Appeared in 8 threat reports