PULSE NAME
ClickFix macOS Malware Uses Fake CAPTCHA to Steal User Login Credentials
WHITE cryptocti 2025-08-10 Modified: 2025-09-09
Indicators of Compromise (19)