← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Thor Lite - 07.27.25 - APT Detections [un-enriched]
WHITE Disable_Duck 2025-07-28 Modified: 2025-08-28
14595
IOCs
HIGH VOLUME
Thor Lite Scan on Windows PC (a psuedo mirror of sorts) of a University of Alberta, Alberta Health Services, Covenant Health, Government of Alberta Portable Workstation. Files uploaded to VT. Updated Note: Included IOCs from Filescanio Ran files through: Neiki, FileScanio, Polyswarm, Triage, Metadefender, Hybrid Analysis, Threatzone, Virustotal TPs = This Pulse - IOCs from references
datauploadsg2backup driveno problemsproblems1supportavastprogressbfilesonedrivenoprobssg2susstrashfallCovenant HealthAHSAlberta Health ServicesRogersUAlbertaAPTEdmontonTelus
Indicators of Compromise (31 / 14595 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain URL CVE email hostname
TYPEINDICATORDESCRIPTIONCREATED
email ncuomo@studenti.unina.it 2025-07-28
email gssincla@google.com 2025-07-28
email pentestmonkey@pentestmonkey.net 2025-07-28
email ncuomo@studenti.unina.it 2025-07-28
email no42_mdmscdos@proton.me 2025-07-28
email support@synaptics.com 2025-07-28
email support@validityinc.com 2025-07-28
email ncuomo@studenti.unina.it 2025-07-29
email no42_mdmscdos@proton.me 2025-07-29
email support@synaptics.com 2025-07-29
email support@validityinc.com 2025-07-29
email gssincla@google.com 2025-07-29
email pentestmonkey@pentestmonkey.net 2025-07-29
email ncuomo@studenti.unina.it 2025-07-29
email no42_mdmscdos@proton.me 2025-07-29
email support@synaptics.com 2025-07-29
email support@validityinc.com 2025-07-29
email gssincla@google.com 2025-07-29
email pentestmonkey@pentestmonkey.net 2025-07-29
email ncuomo@studenti.unina.it 2025-07-29
email no42_mdmscdos@proton.me 2025-07-29
email support@synaptics.com 2025-07-29
email support@validityinc.com 2025-07-29
email gssincla@google.com 2025-07-29
email pentestmonkey@pentestmonkey.net 2025-07-29
email ncuomo@studenti.unina.it 2025-07-29
email no42_mdmscdos@proton.me 2025-07-29
email support@synaptics.com 2025-07-29
email support@validityinc.com 2025-07-29
email gssincla@google.com 2025-07-29
email pentestmonkey@pentestmonkey.net 2025-07-29
References (20)
↗ Bitch-On-Wheels_files_md5s.csv ↗ 832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431 ↗ f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5 ↗ 902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106 ↗ https://hybrid-analysis.com/sample/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb ↗ https://tria.ge/250729-s1vysaywgy ↗ https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3 ↗ https://polyswarm.network/scan/results/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb ↗ https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/a3528542-a121-4351-91fe-de5aab327fe2/overview ↗ https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/3c22777d-9fa3-4d67-a00a-8aa505154874/overview ↗ https://metadefender.com/results/file/bzI1MDcyOV9QRkdmNWZwSkhvMG11YWczRVZMRw_mdaas ↗ https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/5fdda54a-0164-4d4e-a248-d07ec3780d8a/overview ↗ https://app.threat.zone/submission/ef60d9bd-bd97-4859-8e58-4f670d1f1783/overview ↗ https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/21f7ed2c-7815-49f0-8697-998b341df34a/overview ↗ https://tip.neiki.dev/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb ↗ https://hybrid-analysis.com/sample/f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5 ↗ https://hybrid-analysis.com/sample/902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106/6888ec5bd7a73585560d2ddd ↗ https://hybrid-analysis.com/sample/832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431/6888ec5cfd974c2a5b0f1cfa ↗ https://hybrid-analysis.com/sample/12f05b32365a6fc40b30d108ea0dc730f662c6ee48c0feccf7cb43263a0a8166/6888ec5d423dabf7de0872d7