← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Clipboard to Compromise: PowerShell Script Self-Pwn | Proofpoint US
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
28
IOCs
MEDIUM VOLUME
Find out more about Proofpoint, the world's leading cybersecurity company, at the same time as the company's US headquarters in New York. £1.5m ($2.3m)
powershellta571proofpointclearfakehtmlhtml attachmentbuttondarkgateclickfixrun dialoguematanbuchusapriljunelumma stealeramadeyhijackloaderwebdavlummavidarnetsupport
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Lumma Vidar Matanbuchus DarkGate NetSupport ClearFake TA571
Indicators of Compromise (28)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 1bc0891045c3a3348ff19b42ef5b063a MD5 of 9701fec71e5bbec912f69c8ed63ffb6dba21b9cca7e67da5d60a72139c1795d1 2025-02-22
FileHash-MD5 41af2d08aa940c5a3fd1fa9ccd8d2cb4 MD5 of 11909c0262563f29d28312baffb7ff027f113512c5a76bab7c5870f348ff778f 2025-02-22
FileHash-MD5 6d3cf95a1b85a0c469005a7203203a9f MD5 of 07e0c15adc6fcf6096dd5b0b03c20145171c00afe14100468f18f01876457c80 2025-02-22
FileHash-SHA1 13ba76134aaddd054f8782c8b71e6018801f8bb2 SHA1 of 11909c0262563f29d28312baffb7ff027f113512c5a76bab7c5870f348ff778f 2025-02-22
FileHash-SHA1 ab9a233497482da68f16200c6bac1fed7023eefa SHA1 of 07e0c15adc6fcf6096dd5b0b03c20145171c00afe14100468f18f01876457c80 2025-02-22
FileHash-SHA1 c07149b988da40b492566ff7f96f1d2242e8ea8b SHA1 of 9701fec71e5bbec912f69c8ed63ffb6dba21b9cca7e67da5d60a72139c1795d1 2025-02-22
FileHash-SHA256 07e0c15adc6fcf6096dd5b0b03c20145171c00afe14100468f18f01876457c80 2025-02-22
FileHash-SHA256 11909c0262563f29d28312baffb7ff027f113512c5a76bab7c5870f348ff778f 2025-02-22
FileHash-SHA256 9701fec71e5bbec912f69c8ed63ffb6dba21b9cca7e67da5d60a72139c1795d1 2025-02-22
URL http://languangjob.com/pandstvx 2025-02-22
URL http://mylittlecabbage.net/qhsddxna 2025-02-22
URL http://mylittlecabbage.net/xcdttafq 2025-02-22
URL https://cdn3535.shop/1.zip 2025-02-22
URL https://jenniferwelsh.com/header.png 2025-02-22
URL https://kostumn1.ilabserver.com/1.zip 2025-02-22
URL https://lashakhazhalia86dancer.com/c.txt 2025-02-22
URL https://oazevents.com/loader.html 2025-02-22
URL https://rtattack.baqebei1.online/df/tt 2025-02-22
domain cdn3535.shop 2025-02-22
domain jenniferwelsh.com 2025-02-22
domain languangjob.com 2025-02-22
domain lashakhazhalia86dancer.com 2025-02-22
domain mylittlecabbage.net 2025-02-22
domain oazevents.com 2025-02-22
domain pley.es 2025-02-22
email rechtsanwalt@ra-silberkuhl.com 2025-02-22
hostname kostumn1.ilabserver.com 2025-02-22
hostname rtattack.baqebei1.online 2025-02-22
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn