← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
This report details a malicious campaign that uses deceptive websites, including spoofed Gitcodes and fake Docusign verification pages, to trick users into running malicious PowerShell scripts on their Windows machines. Victims are lured into copying and pasting these scripts into their Windows Run prompt, which then download and execute multiple stages of additional scripts, ultimately leading to the installation of the NetSupport RAT (remote access trojan).
Indicators of Compromise (95)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 11cdffd8fb08ced60383d92518d3d533 | MD5 of b258de3b7ef42b4f4bfb0fb5ffe7c55df6aef01cc591abe34a70d1ff82130cd5 | 2025-06-06 | |
| FileHash-MD5 | 2a174f61916ffd4e5a3be0aedb65023d | MD5 of 89043d2817d1bb4cb57ed939823dca0af9ae412655a6c75c694cb13d088efe5a | 2025-06-06 | |
| FileHash-MD5 | 43c0452cf0d32b00310887240526529a | MD5 of d7fadf7ef45c475bd9a759a771d99ccf95edfa8a0c101ce2439a07b66c2e5c72 | 2025-06-06 | |
| FileHash-MD5 | 480b411f6a567244383b7afe3b43dfa3 | MD5 of ab8fdde9fb9b88c400c737d460dcbf559648dc2768981bdd68f55e1f98292c2a | 2025-06-06 | |
| FileHash-MD5 | 6025de95cdf08c8f7574c7657922a38f | MD5 of b2daa2b5afb389828e088ec8b27c0636bdad94b2ef71dcf8034ee601cb60d8d6 | 2025-06-06 | |
| FileHash-MD5 | 64caaa70e17b664f0564eeb7f2b2cb02 | MD5 of c6907acabf2edf0be959c64a434e101963f7c18dcf79f116e0ce6b5ced5dd08c | 2025-06-06 | |
| FileHash-MD5 | 827612dad7add277ea0da08a60bf5edc | MD5 of 58874c0dc26a78cdc058f84af9967f31b3c43173edc7515fa400e6ef8386205f | 2025-06-06 | |
| FileHash-MD5 | 89f5df1eb7ed5a2eb98b19ba2a1aa5ec | MD5 of 07576e1db7e7bd0f7d2c54b6749fdd73c72dba8c2ba8ab110b305cfc10c93c80 | 2025-06-06 | |
| FileHash-MD5 | 96f78187e8fc777efc3740740db4fba5 | MD5 of 80b274871e5024dfa9e513219fe3df82cc8fe4255010bd5d04d23d5833962c10 | 2025-06-06 | |
| FileHash-MD5 | 9dabf38bd7d2b88ef196ad531202d045 | MD5 of f9a241a768397efb4b43924fbd32186fcb1c88716fff3085d3ddcdd322d3404f | 2025-06-06 | |
| FileHash-MD5 | aee94df121a08fd219403057a489ef84 | MD5 of 1a128f6748d71d02c72ba51268be181143405830a4e48dfa53bf3d6ed3391211 | 2025-06-06 | |
| FileHash-MD5 | b6e70f9b15f6c8c7175a3d1d9d0e0ad9 | MD5 of 8ffacc942d1c3f45e797369a1f4cbd5dcd84372abf979b06220236d5a5cea649 | 2025-06-06 | |
| FileHash-MD5 | e001fc2d067e6fe12199244f481a9af7 | MD5 of b3e879b5952988fb0c656240365db8f01198f9d83cd2a3ec0e2a8ee172e20a11 | 2025-06-06 | |
| FileHash-MD5 | e7f0f85f1674043c0cdff5289b09f4f4 | MD5 of e9fe19455642673b14c77d18a1e7ed925f23906bf11237dfafd7fb2cba1f666d | 2025-06-06 | |
| FileHash-MD5 | fac81ad5aa4b5cc68318159e50404cd1 | MD5 of 431b0b19239fc5e0eeaee70cd6e807868142e8cd0b2b6b1bd4a7a2cc8eb57d15 | 2025-06-06 | |
| FileHash-SHA1 | 0eb8587a5038be351263d48c549ba2c54a413bcd | SHA1 of 89043d2817d1bb4cb57ed939823dca0af9ae412655a6c75c694cb13d088efe5a | 2025-06-06 | |
| FileHash-SHA1 | 18b2abd6eff0b42af937a363a30eeab3cad9b2a6 | SHA1 of e9fe19455642673b14c77d18a1e7ed925f23906bf11237dfafd7fb2cba1f666d | 2025-06-06 | |
| FileHash-SHA1 | 22b2be354ec203d1410cee0586e0a4cd00a32389 | SHA1 of d7fadf7ef45c475bd9a759a771d99ccf95edfa8a0c101ce2439a07b66c2e5c72 | 2025-06-06 | |
| FileHash-SHA1 | 4ec3f1eaa100465932f32e3a61e1414abb7c9950 | SHA1 of c6907acabf2edf0be959c64a434e101963f7c18dcf79f116e0ce6b5ced5dd08c | 2025-06-06 | |
| FileHash-SHA1 | 7c178482ab786d0c8feb909255f656b172037f46 | SHA1 of b2daa2b5afb389828e088ec8b27c0636bdad94b2ef71dcf8034ee601cb60d8d6 | 2025-06-06 | |
| FileHash-SHA1 | 8e7e3bbcf8d51243462dca4d03af1f0ceabb54e6 | SHA1 of 80b274871e5024dfa9e513219fe3df82cc8fe4255010bd5d04d23d5833962c10 | 2025-06-06 | |
| FileHash-SHA1 | 8f0b8261a1eff925a39ca117099bc8b0317c941b | SHA1 of f9a241a768397efb4b43924fbd32186fcb1c88716fff3085d3ddcdd322d3404f | 2025-06-06 | |
| FileHash-SHA1 | 94c21947cc66c3eb563e23377e5bfce99dfb7828 | SHA1 of 58874c0dc26a78cdc058f84af9967f31b3c43173edc7515fa400e6ef8386205f | 2025-06-06 | |
| FileHash-SHA1 | 95c6a4f8d59a4c82f64ba7a025735b158a27ee00 | SHA1 of 431b0b19239fc5e0eeaee70cd6e807868142e8cd0b2b6b1bd4a7a2cc8eb57d15 | 2025-06-06 | |
| FileHash-SHA1 | 9b3181ca5707d03c6c58c9cf580ae48dbc97a3f5 | SHA1 of 8ffacc942d1c3f45e797369a1f4cbd5dcd84372abf979b06220236d5a5cea649 | 2025-06-06 | |
| FileHash-SHA1 | a01ad655eaabb8b4c043ce98930e7258767e0161 | SHA1 of 1a128f6748d71d02c72ba51268be181143405830a4e48dfa53bf3d6ed3391211 | 2025-06-06 | |
| FileHash-SHA1 | ab77f7c559aa2df73eb462b5bcf68c9bb2623ae0 | SHA1 of b3e879b5952988fb0c656240365db8f01198f9d83cd2a3ec0e2a8ee172e20a11 | 2025-06-06 | |
| FileHash-SHA1 | b3ce95a749041fae38348f59e4b39b675211b940 | SHA1 of b258de3b7ef42b4f4bfb0fb5ffe7c55df6aef01cc591abe34a70d1ff82130cd5 | 2025-06-06 | |
| FileHash-SHA1 | b85e60906a499f7e2661e58d42b815e5b6cb70a9 | SHA1 of 07576e1db7e7bd0f7d2c54b6749fdd73c72dba8c2ba8ab110b305cfc10c93c80 | 2025-06-06 | |
| FileHash-SHA1 | eacfaa7ce4b3b1d55bedb2a2321177933d2a7e1e | SHA1 of ab8fdde9fb9b88c400c737d460dcbf559648dc2768981bdd68f55e1f98292c2a | 2025-06-06 | |
| FileHash-SHA256 | 07576e1db7e7bd0f7d2c54b6749fdd73c72dba8c2ba8ab110b305cfc10c93c80 | — | 2025-06-06 | |
| FileHash-SHA256 | 1a128f6748d71d02c72ba51268be181143405830a4e48dfa53bf3d6ed3391211 | — | 2025-06-06 | |
| FileHash-SHA256 | 431b0b19239fc5e0eeaee70cd6e807868142e8cd0b2b6b1bd4a7a2cc8eb57d15 | — | 2025-06-06 | |
| FileHash-SHA256 | 58874c0dc26a78cdc058f84af9967f31b3c43173edc7515fa400e6ef8386205f | — | 2025-06-06 | |
| FileHash-SHA256 | 80b274871e5024dfa9e513219fe3df82cc8fe4255010bd5d04d23d5833962c10 | — | 2025-06-06 | |
| FileHash-SHA256 | 89043d2817d1bb4cb57ed939823dca0af9ae412655a6c75c694cb13d088efe5a | — | 2025-06-06 | |
| FileHash-SHA256 | 8ffacc942d1c3f45e797369a1f4cbd5dcd84372abf979b06220236d5a5cea649 | — | 2025-06-06 | |
| FileHash-SHA256 | ab8fdde9fb9b88c400c737d460dcbf559648dc2768981bdd68f55e1f98292c2a | — | 2025-06-06 | |
| FileHash-SHA256 | b258de3b7ef42b4f4bfb0fb5ffe7c55df6aef01cc591abe34a70d1ff82130cd5 | — | 2025-06-06 | |
| FileHash-SHA256 | b2daa2b5afb389828e088ec8b27c0636bdad94b2ef71dcf8034ee601cb60d8d6 | — | 2025-06-06 | |
| FileHash-SHA256 | b3e879b5952988fb0c656240365db8f01198f9d83cd2a3ec0e2a8ee172e20a11 | — | 2025-06-06 | |
| FileHash-SHA256 | c6907acabf2edf0be959c64a434e101963f7c18dcf79f116e0ce6b5ced5dd08c | — | 2025-06-06 | |
| FileHash-SHA256 | d7fadf7ef45c475bd9a759a771d99ccf95edfa8a0c101ce2439a07b66c2e5c72 | — | 2025-06-06 | |
| FileHash-SHA256 | e9fe19455642673b14c77d18a1e7ed925f23906bf11237dfafd7fb2cba1f666d | — | 2025-06-06 | |
| FileHash-SHA256 | f9a241a768397efb4b43924fbd32186fcb1c88716fff3085d3ddcdd322d3404f | — | 2025-06-06 | |
| domain | 0xpaste.com | — | 2025-06-06 | |
| domain | aitradingview.dev | — | 2025-06-06 | |
| domain | batalia-dansului.xyz | — | 2025-06-06 | |
| domain | battalia-dansului.com | — | 2025-06-06 | |
| domain | betamodetradingview.dev | — | 2025-06-06 | |
| domain | betatradingview.dev | — | 2025-06-06 | |
| domain | charts-beta.dev | — | 2025-06-06 | |
| domain | codepaste.io | — | 2025-06-06 | |
| domain | dans-lupta.xyz | — | 2025-06-06 | |
| domain | dev-beta.com | — | 2025-06-06 | |
| domain | dev-update.dev | — | 2025-06-06 | |
| domain | devbetabeta.dev | — | 2025-06-06 | |
| domain | devchart.ai | — | 2025-06-06 | |
| domain | developer-ai.dev | — | 2025-06-06 | |
| domain | developer-beta.dev | — | 2025-06-06 | |
| domain | developer-mode.dev | — | 2025-06-06 | |
| domain | developer-package.dev | — | 2025-06-06 | |
| domain | developer-update.dev | — | 2025-06-06 | |
| domain | developerbeta.dev | — | 2025-06-06 | |
| domain | devmode-beta.dev | — | 2025-06-06 | |
| domain | devmodebeta.dev | — | 2025-06-06 | |
| domain | devtradingview.ai | — | 2025-06-06 | |
| domain | devtradingview.net | — | 2025-06-06 | |
| domain | gitcodes.io | — | 2025-06-06 | |
| domain | gitcodes.net | — | 2025-06-06 | |
| domain | gitcodes.org | — | 2025-06-06 | |
| domain | gitpaste.com | — | 2025-06-06 | |
| domain | givcodes.com | — | 2025-06-06 | |
| domain | hubofnotion.com | — | 2025-06-06 | |
| domain | jeffsorsonblog.dev | — | 2025-06-06 | |
| domain | loyalcompany.net | — | 2025-06-06 | |
| domain | mhousecreative.com | — | 2025-06-06 | |
| domain | modedev.ai | — | 2025-06-06 | |
| domain | modedeveloper.ai | — | 2025-06-06 | |
| domain | modedeveloper.com | — | 2025-06-06 | |
| domain | modedevs.ai | — | 2025-06-06 | |
| domain | nsocks.net | — | 2025-06-06 | |
| domain | pasteco.com | — | 2025-06-06 | |
| domain | pastefy.com | — | 2025-06-06 | |
| domain | pastefy.net | — | 2025-06-06 | |
| domain | pastefy.pro | — | 2025-06-06 | |
| domain | tradingview-ai.dev | — | 2025-06-06 | |
| domain | tradingview-beta.dev | — | 2025-06-06 | |
| domain | tradingviewai.dev | — | 2025-06-06 | |
| domain | tradingviewbeta.dev | — | 2025-06-06 | |
| domain | tradingviewdev.com | — | 2025-06-06 | |
| domain | tradingviewindicator.dev | — | 2025-06-06 | |
| domain | tradingviewtool.com | — | 2025-06-06 | |
| domain | tradingviewtoolz.com | — | 2025-06-06 | |
| domain | tradingviewtradingview.dev | — | 2025-06-06 |