PULSE NAME
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Google Cloud Blog
WHITE Figure PetrP.73 2025-05-28 Modified: 2025-05-28
A study by Mandiant Threat Defense and Google Cloud Next shows how cybercriminals are weaponizing interest in artificial intelligence (AI) through fake websites and malicious ads on social media platforms, including Facebook and LinkedIn.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Threat Intelligence FROSTRIFT STARKVEIL XWORM GRIMPULL
Indicators of Compromise (50)