Pulse name: Dark Partners: The crypto heist adventure of Poseidon Stealer and Payday Loader.
TLP: WHITE | Poseidon | Created by PetrP.73 on 2025-06-20 | Modified: 2025-07-20
305 IOCs (high volume)
A recent malware campaign attributed to unidentified threat actors, dubbed "Dark Partners," has been observed delivering malicious payloads to Windows and macOS users. The campaign uses a loader known as "PayDay Loader," whose primary role is distributing infostealers, including the notorious Poseidon Stealer for macOS. The malware is distributed through impersonated websites that mimic well-known AI and VPN services, relying on familiar brand names to gain the victim's trust.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Dark Partners, Windows, Lumma, NodeJS, Cybersecurity, Cryptocurrency, Poseidon
Indicators of Compromise (3 / 305 total)
TYPE          INDICATOR                          DESCRIPTION                                                                 CREATED
FileHash-MD5  3d5312654bd7a7cc539cd25e9a2c7d3c   MD5 of b5151e75e8e8af1519bef9111f2acbb24b290f0b1f9e7bc0518e9e6eac95f7cc   2025-06-20
FileHash-MD5  69925b133d4cb28da7c207c8f61a7c72   MD5 of 82d2b0397dba3749c0444a70a197edaf4c862d815f00c2c4b47746c8e11da4f7   2025-06-20
FileHash-MD5  f81818df31adcd478b1b577b7ce775a8   MD5 of f82be98ea43b62e983683c0494dc6abf7a155843363f0107d484247ff1c2520a   2025-06-20