IOC Radar
SHA1HighVerifiedSignal 30/100

50520639cf77df0c15cc95076fac901e3d04b708

Location
ChinaChina
First Seen
Mar 14, 2025
Last Seen
Apr 4, 2026
Mar 14
First Seen
453d ago
Apr 4
Last Seen
68d ago
4
Reports
source reports
30%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

65 techniques

Feed Intelligence Summary

4 reports30% confidence
4
Source reports
30%
Confidence score
Category tags
active scanaerospace & defenseakiraasiaasyncratbackbackdoorbackdoorsbad reputationbelarusbeyondbitcoinblockchainbodybotnetbotnet activitybrute forcebusyboxchinachiselclick-based attackclustercobalt strikecode executioncode injectioncoldcommand and controlcommand executioncommentcommodity contracts intermediationcommunication technologiesconticorecrashcredential accesscredential harvestingcredential stuffingcrypto exchangecrypto miningcrypto walletcryptocurrencycustom malwaredarkgatedarksidedata encryptiondata exfiltrationdata store exposuredcratddosdecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydeltadenial of servicedigital currencydistributed attacksdonedonutdropelevateencryptencryptioneuropeexploitation activityextortionfalsefigcaptionfigurefile-hashfirstformatfreebsdfreebsd shellgeminighostghosttowngobratgobrat orbgobratt orbgoogle threatgrepgtigidentity & access exploitationimpactimpair defensesimportindicatorinfoinformation technologyingress tool transferinjection activityinput validation bypassinstalliot securityit infrastructurejuniperjuniper malwarejuniper mxjuniper networksjuniper routersjunosjunos oskimsukylateral movementlaunchlauncherlinux malwareloaderlockbitlog disablinglogiclooplostmachomalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware implantmediamedusametasploitmiddlemilitary operationsmobilemobile carriersmobile networksmobile securitymonitoringnation-state activitynational securitynetwork attacksnetwork infrastructurenetwork intrusionnetwork monitoringnetwork protocolnextnirvananoescapeoutsidepath traversalphishingphishing attackpithookplaypoolratprocess injectionprotectpushpythonqakbotqilinransomhouseransomwarerapidreconremote accessreptileresearchedrogue threatrouter exploitroutersrubyrustschoolscripting attacksseaelfserviceshadowshellslovakiasmokeloadersocial engineeringsoftware developmentsoftware exploitationspanspawnstreamstringsstrongswiftsystem disruptiont1003t1005t1014t1018t1021t1021.004t1027t1027.001t1027.002t1036.004t1049t1053.005t1055t1059t1059.001t1059.004t1064t1068t1070.002t1070.004t1071t1071.001t1078t1078.002t1082t1083t1086t1090t1090.001t1090.003t1095t1102t1105t1110t1133t1136t1140t1190t1199t1203t1204t1204.001t1204.002t1486t1490t1496t1499.002t1499.003t1505.001t1505.003t1547t1547.001t1552.004t1553.006t1555t1562t1562.001t1565t1566t1566.001t1566.002t1566.003t1569.002t1571t1573.001targettbodytechtelecom servicestelecommunicationtelecommunicationstermthreat actorthreat actor activitytinyshelltoolstor nodetracetronturlaukraineunauthorized devicesunc3886user executionveriexec bypassverifywarzoneweb application attackweb application exploitationwhispergatewindows malwarewritezerozipline

Activity Timeline

1 total obs
Apr 4Apr 4

Threat Activity Heatmap

· Peak: 2026-04-04
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
4
Reports
First seenMar 14, 2025
Last seenApr 4, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
China-Nexus cyber espionage group, UNC3886, has deployed custom backdoors on Juniper Networks’ Junos OS routers, according to a new blog post by security firm Mandiant.
references
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers, https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/, https://feeds.feedburner.com/threatintelligence/pvexyqv7v0v

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 2 months ago
Appeared in 4 threat reports