Pulse: Tricks and Treats: GHOSTPULSE’s new pixel-level deception — Elastic Security Labs
TLP: WHITE. Author: CyberHunter_NL. Created: 2024-10-22. Modified: 2024-10-22. Indicators: 108 (high volume).
The latest version of the GHOSTPULSE malware has evolved to hide its encrypted configuration and payload within the pixels of a PNG file, according to research by Elastic Security Labs and the University of California, Los Angeles.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: LUMMA, GHOSTPULSE
Indicators of Compromise (108)
Indicator types present: FileHash-MD5, FileHash-SHA1, FileHash-SHA256, YARA, domain, URL
TYPE | INDICATOR | DESCRIPTION (where given) | CREATED
FileHash-MD5 6a04e635ebd54701f2da4f0db22d188b MD5 of 57ebf79c384366162cb0f13de0de4fc1300ebb733584e2d8887505f22f877077 2024-10-22
FileHash-SHA1 e9d1fcf27c6817ad89768caf0f5d1ea494be1fa9 SHA1 of 57ebf79c384366162cb0f13de0de4fc1300ebb733584e2d8887505f22f877077 2024-10-22
FileHash-SHA256 57ebf79c384366162cb0f13de0de4fc1300ebb733584e2d8887505f22f877077 2024-10-22
FileHash-SHA256 b54d9db283e6c958697bfc4f97a5dd0ba585bc1d05267569264a2d700f0799ae 2024-10-22
YARA 45c256a39d1ccbc96ae5c755a64f1ed35c52d844 2024-10-22
YARA 770dad7a9525fb24dc3045b05204c778d4404d64 2024-10-22
domain drawzhotdog.shop 2024-10-22
domain fragnantbui.shop 2024-10-22
domain ghostreedmnu.shop 2024-10-22
domain gutterydhowi.shop 2024-10-22
domain offensivedzvju.shop 2024-10-22
domain reinforcenh.shop 2024-10-22
domain riderratttinow.shop 2024-10-22
domain stogeneratmns.shop 2024-10-22
domain vozmeatillu.shop 2024-10-22
FileHash-SHA256 0a6a258bfdb9b1947f2945b44e274ff3f06a7c5c733ff83c2a71c5f911fa9cc0 2024-10-22
FileHash-SHA256 0ce01a445ebfe36d54ccd28ea5aa03c9699dbb2e212a5106356bee1fb8e4177f 2024-10-22
FileHash-SHA256 12560c31b2c4de287c7de9462f673269b82363a66867e08f035f28e174ca957c 2024-10-22
FileHash-SHA256 14ef31145914629db6a0c1b1f1d46b971491cd0db566d5678cc35259664b06d1 2024-10-22
FileHash-SHA256 1622822b3f7f66537240b4760560550654eb2c23c1f57c7e4bb52d3cbc5edd5e 2024-10-22
FileHash-SHA256 1fa6bfba290cd75c09efa73e28942a0ae876ff8e745e7ff764c102534b1f8aeb 2024-10-22
FileHash-SHA256 2da667c881a6b5f4b773c932bcbb6825fda5a85a38bfb51e06921cb88c353f3b 2024-10-22
FileHash-SHA256 4abd1070dff0c450d09bd6e3fb236753f773cc592aa31cd95a24e81576956b38 2024-10-22
FileHash-SHA256 9136c32467cd79e8fdb7ea154540093c005c6cf636bc52d7af6caf170a1a828b 2024-10-22
FileHash-SHA256 927f2074ad7b76b46535cc94eb1fb357e528258dd0e55d828decb5ff5e70d2b9 2024-10-22
FileHash-SHA256 92f54f1548f405e3b6df7e03c9d97f75d6455691162de3a54ab625a9942f6672 2024-10-22
FileHash-SHA256 abf88cbe8a21804ccdf319ddf9249e07f87e61f1f9adf64bb8c246e4b6203a2f 2024-10-22
URL http://fragnantbui.shop/_- 2024-10-22
URL http://fragnantbui.shop/api 2024-10-22
URL http://fragnantbui.shop/api-:: 2024-10-22
URL http://fragnantbui.shop/api3 2024-10-22
URL http://fragnantbui.shop/apip 2024-10-22
URL http://fragnantbui.shop/api~ 2024-10-22
URL https://fragnantbui.shop/390 2024-10-22
URL https://fragnantbui.shop/api 2024-10-22
URL https://fragnantbui.shop/apiI 2024-10-22
URL https://fragnantbui.shop/apid 2024-10-22
URL https://fragnantbui.shop/apill_ 2024-10-22
URL https://fragnantbui.shop/apipi 2024-10-22
URL https://fragnantbui.shop/xA 2024-10-22
FileHash-SHA256 49b342bc51fce077b6079d1473f88d69c6351ad2fdcee09abc47daee8f8fb368 2024-10-22
URL http://drawzhotdog.shop/390 2024-10-22
URL http://drawzhotdog.shop/api 2024-10-22
URL http://drawzhotdog.shop/apill 2024-10-22
URL http://drawzhotdog.shop/ef 2024-10-22
URL https://drawzhotdog.shop/390 2024-10-22
URL https://drawzhotdog.shop/api 2024-10-22
URL https://drawzhotdog.shop/apiP_ 2024-10-22
URL http://ghostreedmnu.shop/390 2024-10-22
URL http://ghostreedmnu.shop/N 2024-10-22
URL http://ghostreedmnu.shop/api 2024-10-22
URL http://ghostreedmnu.shop/v 2024-10-22
URL https://ghostreedmnu.shop/390 2024-10-22
URL https://ghostreedmnu.shop/N 2024-10-22
URL https://ghostreedmnu.shop/api 2024-10-22
URL https://ghostreedmnu.shop/api4 2024-10-22
URL https://ghostreedmnu.shop/apiOuK/390 2024-10-22
URL https://ghostreedmnu.shop/v 2024-10-22
URL http://riderratttinow.shop/api 2024-10-22
URL https://riderratttinow.shop/api 2024-10-22
URL http://gutterydhowi.shop/390 2024-10-22
URL http://gutterydhowi.shop/api 2024-10-22
URL https://gutterydhowi.shop/390 2024-10-22
URL https://gutterydhowi.shop/api 2024-10-22
URL https://gutterydhowi.shop/api5/ 2024-10-22
URL https://gutterydhowi.shop/o 2024-10-22
URL https://gutterydhowi.shop/w 2024-10-22
URL http://offensivedzvju.shop/390 2024-10-22
URL http://offensivedzvju.shop/i 2024-10-22
URL http://offensivedzvju.shop/mm 2024-10-22
URL http://offensivedzvju.shop/pi2 2024-10-22
URL https://offensivedzvju.shop/$Y 2024-10-22
URL https://offensivedzvju.shop/390 2024-10-22
URL https://offensivedzvju.shop/api 2024-10-22
URL https://offensivedzvju.shop/apia 2024-10-22
URL https://offensivedzvju.shop/ll 2024-10-22
URL https://offensivedzvju.shop/s/390 2024-10-22
URL http://stogeneratmns.shop/390 2024-10-22
URL http://stogeneratmns.shop/api 2024-10-22
URL http://stogeneratmns.shop/api$ 2024-10-22
URL https://stogeneratmns.shop/390 2024-10-22
URL https://stogeneratmns.shop/a 2024-10-22
URL https://stogeneratmns.shop/api 2024-10-22
URL https://stogeneratmns.shop/apic 2024-10-22
URL https://stogeneratmns.shop/apii/390 2024-10-22
URL https://stogeneratmns.shop/apit/390 2024-10-22
URL https://stogeneratmns.shop/apiyQ9 2024-10-22
URL http://reinforcenh.shop/api 2024-10-22
URL http://reinforcenh.shop/apila_Z 2024-10-22
URL http://reinforcenh.shop/apiq 2024-10-22
URL https://reinforcenh.shop/390 2024-10-22
URL https://reinforcenh.shop/Y 2024-10-22
URL https://reinforcenh.shop/api 2024-10-22
URL https://reinforcenh.shop/api.0.1/390 2024-10-22
URL https://reinforcenh.shop/api6 2024-10-22
URL https://reinforcenh.shop/apiK- 2024-10-22
URL https://reinforcenh.shop/apih 2024-10-22
URL https://reinforcenh.shop/apill/390 2024-10-22
URL https://reinforcenh.shop/apiyV/390 2024-10-22
URL https://reinforcenh.shop/l4 2024-10-22
URL http://vozmeatillu.shop/1 2024-10-22
URL http://vozmeatillu.shop/api 2024-10-22
URL http://vozmeatillu.shop/apibE 2024-10-22
URL https://vozmeatillu.shop/390 2024-10-22
URL https://vozmeatillu.shop/api 2024-10-22
URL https://vozmeatillu.shop/apipi 2024-10-22
URL https://vozmeatillu.shop/apiw/390 2024-10-22
URL https://vozmeatillu.shop/vedz 2024-10-22