IOC Radar
MD5 · Medium · Signal 94/100

980cad4be8bf20fea5c34c5195013200

Location: Thailand
First Seen: Jan 20, 2026
Last Seen: Apr 4, 2026
Reports: 5 source reports
Confidence: 94% (medium)
Found in 5 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
MD5 Hash: MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 94%
Signal Score: 94 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 74 techniques

Feed Intelligence Summary

5 source reports · 94% confidence score
Category tags:

Activity Timeline

1 total observation (Apr 4 to Apr 4)

Threat Activity Heatmap

[Heatmap: weekday rows (Mon/Wed/Fri) by month columns, Jun through the following Jun · Peak: 2026-04-04]
Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 0 (Dormant)
Last 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), a malicious MD5 hash, represents a critical threat to organizational security and demands immediate attention. With a high score of 94.07, its presence in any environment strongly indicates an active compromise or a high-probability attack vector. The hash is extensively associated with advanced botnet operations, including variants of the notorious Mirai and Zergeca botnets, known for orchestrating large-scale Distributed Denial of Service (DDoS) attacks and …

Threat Score: High Risk
Signal Score: 94
Confidence: 94%
Reports: 5
First seen: Jan 20, 2026
Last seen: Apr 4, 2026

VirusTotal: Not checked

IOC Journey

Confidence: medium
First detected 4 months ago · Last seen 2 months ago
Appeared in 5 threat reports