IOC Radar
SHA1 · Medium · Signal 94/100

d1bc47278e766a9a0cca2fa16c847bc52958ab8c

Location
Palestine, State of
First Seen
Mar 28, 2025 (444d ago)
Last Seen
Apr 17, 2026 (59d ago)
8
Reports
source reports
94%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

71 techniques

Feed Intelligence Summary

Category tags
active scan, active scanning, aerospace & defense, apt group, arsenal, backdoor, backdoor installation, botnet, botnet activity, brute force, c#, c&c, c&c communication, calls-wmi, checks-bios, checks-network-adapters, civil services, command & control, command and control, command execution, credential access, credential stuffing, darkwisep, darkwisp, darkwisp malware, data exfiltration, data store exposure, data theft, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, disease vector, distributed attacks, dive, encrypted communication, encrypthub, encrypthub malware, encrypthub stealer, europe/asia, executable file, exploitation, exploitation activity, file-hash, files, gamaredon group, github, government technology, identity & access exploitation, indicator, infostealer, infrastructure acquisition, reconnaissance, injection activity, iot security, lateral movement, lolbins, lolbins usage, long-sleeps, malicious powershell activity, malicious provisioning package, malicious provisioning packages, malicious software, malware, military operations, mobile threat, msc eviltwin, msc eviltwin technique, msc file exploitation, national security, network probing, operating system, palestine, state of, payload delivery, powershell execution, powershell scripting, process injection, ps1, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, related, remote access, remote code execution, researched, rhadamanthys stealer, russia, russian federation, scripting attacks, signed msi, silent prism, silent prism campaign, silentprism, silentprism backdoor, smica83, source, stealc, stealc stealer, stealer, threat actor, tor node, trojan spyware, trojanspy, vulnerability scan, water gamayun, windows msc files, zero-day exploit, zero-day exploitation

MITRE ATT&CK technique IDs (71)
t1003, t1003.001, t1021.001, t1027, t1027.002, t1027.003, t1036, t1041, t1047, t1053, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.005, t1068, t1069.001, t1071, t1071.001, t1071.004, t1078, t1082, t1083, t1086, t1102, t1105, t1124, t1132, t1133, t1134, t1140, t1189, t1190, t1195, t1202, t1204, t1204.002, t1213, t1486, t1496, t1499.002, t1499.003, t1543, t1547, t1547.001, t1550.002, t1550.003, t1555, t1558, t1562.001, t1565, t1566, t1566.001, t1567, t1569.002, t1573, t1574.001, t1583.001, t1584.003, t1587.001, t1588, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598

Activity Timeline

1 total observation (Apr 17)

Threat Activity Heatmap

Peak: 2026-04-17 (calendar heatmap, Jun through Jun, not reproduced here)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
94 / 100 (High Risk)

VirusTotal

Not checked

Description
Unicode text, UTF-8 text, with very long lines (57674u), with CRLF line terminators

References
https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
https://bazaar.abuse.ch/export/csv/recent/


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports