Pulse Detail — Threat Intelligence

PULSE NAME

IOC - Unpacking NetSupport RAT Loaders Delivered via ClickFix

WHITE celestre 2025-10-27 Modified: 2025-11-23

108

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1204.002 T1553.002 T1218.007 T1106 T1140 T1059.001 T1547.001 T1027 T1071.001 T1105

MALWARE FAMILIES

NetSupport Manager

Indicators of Compromise (108)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 CVE URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	cromvix.com	—	2025-10-27
FileHash-MD5	1542df483ad5e2965fe768402eddae58	—	2025-10-27
FileHash-MD5	1c19c2e97c5e6b30de69ee684e6e5589	—	2025-10-27
FileHash-MD5	224bcc0a40cc43add82f5b03a11e59e3	—	2025-10-27
FileHash-MD5	290c26b1579fd3e48d60181a2d22a287	—	2025-10-27
FileHash-MD5	64f1310f6300870f1c81792733e92e5e	—	2025-10-27
FileHash-MD5	8bdcbba121984169948dfd09c629d6ae	—	2025-10-27
FileHash-MD5	9fe9416c45e183554e41fda8340e3338	—	2025-10-27
FileHash-MD5	beaac58fbfb2c65866cdf69cd785a48b	—	2025-10-27
FileHash-MD5	c4f1b50e3111d29774f7525039ff7086	—	2025-10-27
FileHash-MD5	cb08519e5cf5e95074c4d50bb4b87ca0	—	2025-10-27
FileHash-MD5	ee75b57b9300aab96530503bfae8a2f2	—	2025-10-27
FileHash-MD5	fce17b987f321dce852c8a52116e7eb6	—	2025-10-27
FileHash-SHA1	0448ec0d30fc0ee4fca250b81004198e49d8847d	—	2025-10-27
FileHash-SHA1	06c1b477be2d08aac95d9682c8ae75871a816bdc	—	2025-10-27
FileHash-SHA1	1adcd07caff87ff9b0598ebc2d48bcc86aa89bd6	—	2025-10-27
FileHash-SHA1	26db96346e6c160db0badaaa68cae8d4a3a9b7a2	—	2025-10-27
FileHash-SHA1	4fbf867e3c691edc4cadaa7f637b37b727368911	—	2025-10-27
FileHash-SHA1	5734ef7f9e4dba0639c98881e00f03eea35a62ee	—	2025-10-27
FileHash-SHA1	57539c95cba0986ec8df0fcdea433e7c71b724c6	—	2025-10-27
FileHash-SHA1	9683a2a0336b9f37eaac199b18f9f284a22cf7b2	—	2025-10-27
FileHash-SHA1	98dd757e1c1fa8b5605bda892aa0b82ebefa1f07	—	2025-10-27
FileHash-SHA1	9c7c0360402f816f9f1f12700e5e110d15ccfd9d	—	2025-10-27
FileHash-SHA1	e4c91a7f161783c68cf67250206047f23bd25a29	—	2025-10-27
FileHash-SHA1	e9943b73cc66fc0a561d477a05d76cea5f5fb966	—	2025-10-27
FileHash-SHA256	03401e4637259a56561ad3f18cc76933345f6a3c8d64dc44fc6751052471b551	—	2025-10-27
FileHash-SHA256	06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268	—	2025-10-27
FileHash-SHA256	168f1b974b31df0889e6dbe75f0fe8486cf932d72f0d6ad8348c97a2e537a738	—	2025-10-27
FileHash-SHA256	18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d	—	2025-10-27
FileHash-SHA256	2799454ff46c3eb1b94278c7f5de53621665d8953dd478ecab939fc06a23343e	—	2025-10-27
FileHash-SHA256	2e06ca68558d2f40d3fa262be8531f9621de3889d9cb2c3195be734a782fd4d2	—	2025-10-27
FileHash-SHA256	312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67	—	2025-10-27
FileHash-SHA256	31804c48f9294c9fa7c165c89e487bfbebeda6daf3244ad30b93122bf933c79c	—	2025-10-27
FileHash-SHA256	37d1d033e19cf9dc7313846d9d4026b03d2f822efccd963e5697e9633a4df0d0	—	2025-10-27
FileHash-SHA256	5c2aad823a0b3757889967c98acd6515eee5aaf20164b082cdf817598d5e7136	—	2025-10-27
FileHash-SHA256	69ec5513e1edc5e450b4b0fbe782e25fadb89c787383da9ceca415301d3e8fb4	—	2025-10-27
FileHash-SHA256	6b4219acaa29bb1b028a57c291dec2505d48ff75dbc308bfdb5b995cb255fefb	—	2025-10-27
FileHash-SHA256	860393e31788499f8774be83c65bcf29658cc77bf96ee2f4c86b065aedbf77de	—	2025-10-27
FileHash-SHA256	959e229a9308aff3104e46db178a7d8e28f5083c24cdedb41f760afb1a38e70f	—	2025-10-27
FileHash-SHA256	973836529b57815903444dd5d4b764e8730986b1bd87179552f249062ee26128	—	2025-10-27
FileHash-SHA256	a417f700fd5c8d36a13b2edec341827f6f05bc24f045429225a08a112f140f68	—	2025-10-27
FileHash-SHA256	a823031ba57d0e5f7ef15d63fe93a05ed00eadfd19afc7d2fed60f20e651a8bb	—	2025-10-27
FileHash-SHA256	ab9689e59785fa63570b9e3750c39aa778f9e9cd671691f198130eadf8f6602d	—	2025-10-27
FileHash-SHA256	afc45cc0df7f7e481bff45c6f62a6418b6ae4c8b474ec36113e05ab7ca7e2743	—	2025-10-27
FileHash-SHA256	d5b13eb9e8afb79b4d7830caf3ac746637e5bda1752962e5bd0aed3352cc4a42	—	2025-10-27
FileHash-SHA256	d7b46caebba2157fa58f06d9b6571939e4d51882dc8000c8c264a585b5eedf98	—	2025-10-27
FileHash-SHA256	de5daba9d7b428addd0a4981a10562e104098443d21ad2ddc224a03b2672be35	—	2025-10-27
FileHash-SHA256	fd54baae445d9b79b5af9958440203ce99de2302228dc135f7f0e1ac2efd4324	—	2025-10-27
FileHash-SHA256	fda64df771aa9afc4c9ac7b3aaaf3a2020851acc3b51d6adf8cb7a32b766c9a4	—	2025-10-27
domain	2beinflow.com	—	2025-10-27
domain	amxdh1.icu	—	2025-10-27
domain	ayzyw.top	—	2025-10-27
domain	benafaciario.com	—	2025-10-27
domain	bylistening.com	—	2025-10-27
domain	camplively.com	—	2025-10-27
domain	care4hygiene.com	—	2025-10-27
domain	caribemove.com	—	2025-10-27
domain	chiklx.com	—	2025-10-27
domain	cuenten.com	—	2025-10-27
domain	cuoreincomune.com	—	2025-10-27
domain	curemile.com	—	2025-10-27
domain	deepholeintheworld.com	—	2025-10-27
domain	eddereklam.com	—	2025-10-27
domain	ejays.com	—	2025-10-27
domain	exemplar-industry.com	—	2025-10-27
domain	fivepathways.com	—	2025-10-27
domain	freaner.com	—	2025-10-27
domain	frontiersecu.com	—	2025-10-27
domain	gcsglaw.com	—	2025-10-27
domain	haidao10.top	—	2025-10-27
domain	jelaromo.com	—	2025-10-27
domain	jiezishijie.top	—	2025-10-27
domain	kamagrafr.icu	—	2025-10-27
domain	lastmychancetoss.com	—	2025-10-27
domain	lordphoenix.net	—	2025-10-27
domain	mawp.us	—	2025-10-27
domain	michellegraci.com	—	2025-10-27
domain	nicewk.com	—	2025-10-27
domain	olbanha.com	—	2025-10-27
domain	oljaeinfalt.com	—	2025-10-27
domain	pennylamont.com	—	2025-10-27
domain	poormet.com	—	2025-10-27
domain	regopramide.top	—	2025-10-27
domain	surethinks.com	—	2025-10-27
domain	territoirespaysagistes.com	—	2025-10-27
domain	todocarritos.top	—	2025-10-27
domain	uncustomary.org	—	2025-10-27
domain	utahlvs.com	—	2025-10-27
domain	vietnam24hvoyage.com	—	2025-10-27
domain	wavob.top	—	2025-10-27
domain	westford-systems.icu	—	2025-10-27
domain	yourcialsupply.top	—	2025-10-27
CVE	CVE-2025-61882	—	2025-10-27
FileHash-MD5	2f0125ebef13328bfd11bcd6f3a0617a	—	2025-10-27
FileHash-SHA1	3bac11e7cedb4b5126ebba373106e0a07408d1d5	—	2025-10-27
FileHash-SHA256	94c2f209e5710fe5b2d2c6ac8ab6060db67627331ca11c1394fbded2875d039f	—	2025-10-27
FileHash-SHA256	f3f44fd37502cd4b16bca3c3fb1e88a687bd2980926017b0ff1752dc601d4c1e	—	2025-10-27
FileHash-SHA256	f81220b94384e98203d230fe6a386b6047157474d16f7e75e0f4ffb6d8bdcde3	—	2025-10-27
URL	https://global-weekends.net/res/helprecord	—	2025-10-27
URL	https://riverlino.com/U.GRE';$j=$env:TEMP+'\1.ps1';	—	2025-10-27
URL	https://stradomi.com/res/presentjudge	—	2025-10-27
URL	https://xunira.cloud/C.GRE'	—	2025-10-27
FileHash-SHA1	caa4fe424a1e4993bcaaa226fa193f4af951374a	—	2025-10-27
domain	global-weekends.net	—	2025-10-27
domain	riverlino.com	—	2025-10-27
domain	stradomi.com	—	2025-10-27
domain	xunira.cloud	—	2025-10-27
hostname	cdn.westford-computing6.net	—	2025-10-27

References (1)

↗ https://www.esentire.com/blog/unpacking-netsupport-rat-loaders-delivered-via-clickfix