IOC Radar Logo
IOCRadar
IOC Radar Logo
IOCRadar

21cedf3dcd7d30b718aa74bde7313052bad42db0f54fc7cb95a8587a8a6d40be

Hash
18%
SIGNAL STRENGTHExtremely Noisy
FIRST SEEN2025-04-12 08:20:08
LAST SEEN2025-04-23 20:06:26
CATEGORY
honeypot
malware
sftp attack
malicious activity
port scan
ssh attack
brute force and port scanning activity
MITRE
T1565 - Data Manipulation
T1486 - Data Encrypted for Impact
T1071.001 - Web Protocol
T1595 - Active Scanning
T1499.002 - Endpoint DoS
T1499.003 - Network DoS
T1496 - Resource Hijacking
T1190 - Exploit Public-Facing Application
T1110.002 - Brute Force
T1550 - Use Alternate Authentication Material
TAGS
cowrie honeypot
ssh monitoring
file transfer
credential access
credential stuffing
process injection
remote services
distributed attacks
command and control
malicious software
Eye Icon
SOCRadar
AI Insight

The presence of SHA256 hash 21cedf3dcd7d30b718aa74bde7313052bad42db0f54fc7cb95a8587a8a6d40be signals a potential compromise, warranting immediate investigation. This IOC is associated with malicious activity detected by AlienVault OTX feeds and is linked to a publicly documented honeypot attack targeting Cowrie SSH servers in April 2025, as reported on the Telekom Security TPOTCE GitHub repository. Its appearance indicates a potential attempt to exploit SSH vulnerabilities or deploy malware, potentially leading to unauthorized access, data exfiltration, or system compromise. Given its confirmed association with active attacks captured in honeypots, it should be treated as a high-priority indicator.

Summary

Hash Type:
sha256
MD5:
-
SHA-1:
-
SHA-256:
-
Files:
-
File Type:
-

Top Classifications

Campaign:
-
Industry:
-
Country:
-
Region:
-
Threat Actors:
-
Malware:
-

Feed Sources

Feed Source
Count
Date
AlienVault OTX Feeds
136
2025-04-23

Threat Activity Timeline

Last 24 hours
Very Aggressive
Last 7 Days
Very Aggressive
Last Month
Very Aggressive
Last 3 Months
Very Aggressive
Extended Threat Intelligence
Free Trial

Stay ahead with proactive cyber threat warnings

Discover how SOCRadar's all-in-one platform can help protect your digital assets with extended threat intelligence, digital risk protection, and attack surface management.