IOC Radar
MD5HighVerifiedSignal 30/100

8023d01ffb7a38b582f0d598afb974ee

Location
BelarusBelarus
First Seen
Mar 14, 2025
Last Seen
Mar 31, 2026
Mar 14
First Seen
464d ago
Mar 31
Last Seen
83d ago
4
Reports
source reports
30%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

67 techniques

Feed Intelligence Summary

4 reports30% confidence
4
Source reports
30%
Confidence score
Category tags
active scanaerospace & defenseakiraaptasiaasyncratbackbackdoorbackdoorsbad reputationbelarusbeyondbitcoinblockchainbodybotnetbotnet activitybrute forcebusyboxchinachina-nexus aptchiselclick-based attackclustercobalt strikecode executioncode injectioncoldcommand and controlcommand executioncommentcommodity contracts intermediationcommunication technologiesconticorecrashcredential accesscredential harvestingcredential stuffingcrypto exchangecrypto miningcrypto walletcryptocurrencycustom malwarecyber espionagedarkgatedarksidedata encryptiondata exfiltrationdata store exposuredata theftdcratddosdecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydeltadenial of servicedigital currencydistributed attacksdonedonutdropelevateencryptencryptioneol vulnerabilityeuropeexploitation activityextortionfalsefigcaptionfigurefile-hashfirstformatfreebsdfreebsd shellgeminighostghosttowngobratgobrat orbgobratt orbgoogle threatgrepgtighashesidentity & access exploitationimpactimpair defensesimportindicatorinfoinformation technologyingress tool transferinjection activityinput validation bypassinstalliot securityit infrastructurejuniperjuniper malwarejuniper mxjuniper networksjuniper routersjunosjunos oskimsukylateral movementlaunchlauncherlinux malwareloaderlockbitlog disablinglogiclooplostmachomalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware implantmediamedusametasploitmiddlemilitary operationsmobilemobile carriersmobile networksmobile securitymonitoringnation-state activitynational securitynetwork attacksnetwork compromisenetwork infrastructurenetwork intrusionnetwork monitoringnetwork protocolnextnirvananoescapeoutsidepath traversalphishingphishing attackpithookplaypoolratprocess injectionprotectpushpythonqakbotqilinransomhouseransomwarerapidreconremote accessreptileresearchedrogue threatrouter exploitroutersrubyrustschoolscripting attacksseaelfserviceshadowshellslovakiasmokeloadersocial engineeringsoftware developmentsoftware exploitationspanspawnstreamstringsstrongswiftsystem disruptiont1003t1005t1014t1018t1021t1021.004t1027t1027.001t1027.002t1036.004t1049t1053t1053.005t1055t1059t1059.001t1059.003t1059.004t1064t1068t1070.002t1070.004t1071t1071.001t1078t1078.002t1082t1083t1086t1090t1090.001t1090.003t1095t1102t1105t1110t1133t1136t1140t1190t1199t1203t1204t1204.001t1204.002t1486t1490t1496t1499.002t1499.003t1505.001t1505.003t1547t1547.001t1552.004t1553.006t1555t1562t1562.001t1565t1566t1566.001t1566.002t1566.003t1569.002t1571t1573.001targettbodytechtelecom servicestelecommunicationtelecommunicationstermthreat actorthreat actor activitytinyshelltoolstor nodetracetronturlaukraineunauthorized devicesunc3886user executionveriexec bypassverifyvulnerability scanwarzoneweb application attackweb application exploitationwhispergatewindows malwarewritezerozipline

Activity Timeline

1 total obs
Mar 31Mar 31

Threat Activity Heatmap

· Peak: 2026-03-31
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
4
Reports
First seenMar 14, 2025
Last seenMar 31, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
China-Nexus cyber espionage group, UNC3886, has deployed custom backdoors on Juniper Networks’ Junos OS routers, according to a new blog post by security firm Mandiant.
references
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers, https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/, https://feeds.feedburner.com/threatintelligence/pvexyqv7v0v

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 2 months ago
Appeared in 4 threat reports