MD5LowSignal 30/100
bf80c96089d37b8571b5de7cab14dd9f
Location
SlovakiaFirst Seen
Mar 14, 2025
Last Seen
Apr 26, 2025
Found in 2 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
2 reports30% confidence
2
Source reports
30%
Confidence score
Category tags
aerospace & defenseakiraaptasiaasyncratbackbackdoorbackdoorsbelarusbeyondbitcoinblockchainbodybotnetbusyboxchinachina-nexus aptchiselclick-based attackclustercobalt strikecode executioncode injectioncoldcommand and controlcommand executioncommentcommodity contracts intermediationcommunication technologiesconticorecrashcredential accesscredential harvestingcrypto exchangecrypto miningcrypto walletcryptocurrencycustom malwarecyber espionagedarkgatedarksidedata encryptiondata exfiltrationdata theftdcratdecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydeltadenial of servicedigital currencydistributed attacksdonedonutdropelevateencrypteol vulnerabilityeuropeextortionfalsefigcaptionfigurefile-hashfirstformatfreebsdfreebsd shellgeminighostghosttowngobratgobrat orbgobratt orbgoogle threatgrepgtighashesimpactimpair defensesimportindicatorinfoinformation technologyingress tool transferinput validation bypassinstallit infrastructurejuniperjuniper malwarejuniper mxjuniper networksjuniper routersjunosjunos oskimsukylateral movementlaunchlauncherlinux malwareloaderlockbitlog disablinglogiclooplostmachomalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware implantmediamedusametasploitmiddlemilitary operationsmobilemobile carriersmobile networksmobile securitymonitoringnational securitynetwork attacksnetwork compromisenetwork infrastructurenetwork intrusionnetwork monitoringnetwork protocolnextnirvananoescapeoutsidepath traversalphishingphishing attackpithookplaypoolratprocess injectionprotectpushpythonqakbotqilinransomhouseransomwarerapidreconremote accessreptileresearchedrogue threatrouter exploitroutersrubyrustschoolscripting attacksseaelfserviceshadowshellslovakiasmokeloadersocial engineeringsoftware developmentsoftware exploitationspanspawnstreamstringsstrongswiftsystem disruptiont1003t1005t1014t1018t1021t1021.004t1027t1027.001t1027.002t1036.004t1049t1053t1053.005t1055t1059t1059.001t1059.003t1059.004t1064t1068t1070.002t1070.004t1071t1071.001t1078t1078.002t1082t1083t1086t1090t1090.001t1090.003t1095t1102t1105t1110t1133t1136t1140t1190t1199t1203t1204t1204.001t1204.002t1486t1490t1496t1499.002t1499.003t1505.001t1505.003t1547t1547.001t1552.004t1553.006t1555t1562t1562.001t1565t1566t1566.001t1566.002t1566.003t1569.002t1571t1573.001targettbodytechtelecom servicestelecommunicationtelecommunicationstermthreat actor activitytinyshelltoolstracetronturlaukraineunauthorized devicesunc3886user executionveriexec bypassverifywarzoneweb application exploitationwhispergatewindows malwarewritezerozipline
Activity Timeline
Apr 26Apr 26
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
2
Reports
First seenMar 14, 2025
Last seenApr 26, 2025
VirusTotal
Not checked
WHOIS
- description
- China-Nexus cyber espionage group, UNC3886, has deployed custom backdoors on Juniper Networks’ Junos OS routers, according to a new blog post by security firm Mandiant.
- references
- https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers, https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/, https://feeds.feedburner.com/threatintelligence/pvexyqv7v0v
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
lowFirst detected 1 year ago · Last seen 1 year ago
Appeared in 2 threat reports