A malicious campaign that uses deceptive websites, including spoofed Gitcodes and fake Docusign verification pages, to trick users into running malicious PowerShell scripts on their Windows machines
https://dti.domaintools.com/how-threat-actors-exploit-human-trust/
https://github.com/DomainTools/SecuritySnacks/blob/main/2025/Prove-You-Are-Human.csv
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
NetSupportManager RAT
Indicators of Compromise (69)