IOC Radar
MD5MediumSignal 100/100

b18d098764a334e33000e726fa49b9b0

First Seen
Mar 28, 2025
Last Seen
Feb 9, 2026
Mar 28
First Seen
462d ago
Feb 9
Last Seen
144d ago
7
Reports
source reports
99%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

147 techniques

Feed Intelligence Summary

7 reports99% confidence
7
Source reports
99%
Confidence score
Category tags
abuseabuse elevationaccessaccess tokenactive scanningbotnetbotnet iocsbotnet miraibotnetdomainbrute forcebrute force attackbrute force attemptsc2command and controlconnected devicescredential accesscredential stuffingctadata exfiltrationddosddos attacksdefault credentialsdevice managementdistributed attackselffile-hashfilesgafgytgorillabotgs-25-1386indicatorindicators of compromiseindustrial iotinternet of thingsiocsiotiot analyticsiot applicationsiot botnetiot malwareiot platformsiot securityiot/ics attacklateral movementlinuxmalicious softwaremalwaremirai botnetnetwork scanningnetwork securityopendirpassword attacksprocess injectionprotocol exploitationreconnaissanceresearchedroutersscanning activitysecurity camerassmart devicesssh attackt1016t1021t1021.001t1021.002t1021.003t1027t1036t1036.005t1040t1053t1055t1057t1059t1059.004t1068t1070t1070.001t1070.002t1070.003t1070.004t1071t1071.001t1071.002t1078t1078.001t1078.002t1078.003t1078.004t1087t1098t1105t1110.001t1110.002t1110.003t1110.004t1113t1124t1133t1134t1189t1190t1486t1489t1496t1497t1498t1499t1499.002t1499.003t1546t1548t1562t1562.001t1562.002t1562.003t1564t1564.001t1564.002t1564.003t1564.004t1565t1565.001t1565.002t1566t1566.001t1566.002t1567t1567.001t1567.002t1573t1573.001t1573.002t1574t1574.001t1574.002t1574.009t1583t1583.001t1583.002t1583.003t1583.004t1583.005t1583.006t1583.007t1584t1584.001t1584.002t1584.003t1585t1585.001t1585.002t1586t1586.001t1586.002t1587t1587.001t1587.002t1588t1588.001t1588.002t1588.003t1589t1591t1591.001t1591.002t1592t1592.001t1592.002t1592.003t1592.004t1593t1593.001t1593.002t1594t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.002t1597t1597.001t1597.002t1598t1598.001t1598.002t1598.003t1599t1600t1601t1602t1608t1608.001t1608.002t1608.003t1608.004t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621ta0001 initialtelnet threat

Activity Timeline

1 total obs
Feb 9Feb 9

Threat Activity Heatmap

· Peak: 2026-02-09
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
7
Reports
First seenMar 28, 2025
Last seenFeb 9, 2026

VirusTotal

Not checked

WHOIS

description
ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
references
https://bazaar.abuse.ch/export/csv/recent/, https://1275.ru/ioc/gs-25-1387-mirai-botnet-iocs_10192, https://www.virustotal.com/graph/embed/g963c7aef641c40bcaa97ee6ae621e4d8028e2cc8c7d644cf8f8c67ebd3dc988f?theme=dark, https://darfe.es/ciberwiki/index.php?title=Gafgyt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 7 threat reports