← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC -A fake FileZilla site hosts a malicious download
WHITE celestre 2026-03-04 Modified: 2026-04-02
8
IOCs
LOW VOLUME
filezillawindowsftp clientdllsprocess monitorname notfoundnotepad updatefilezilla sitedll searchstefancompromiseiocsfilesha256domainsnetworkc2 server
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (8)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 9d7c559f1885ede6911611165eff07f7 MD5 of e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 2026-03-04
FileHash-SHA1 698df970335e724c97acc900016755ab5e4c94f2 SHA1 of e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 2026-03-04
FileHash-SHA256 665cca285680df321b63ad5106b167db9169afe30c17d349d80682837edcc755 2026-03-04
FileHash-SHA256 e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 2026-03-04
URL http://95.216.51.236:31415 2026-03-04
URL https://welcome.supp0v3.com/d/callback?utm_tag=tbs2&utm_source=dll 2026-03-04
domain filezilla-project.live 2026-03-04
hostname welcome.supp0v3.com 2026-03-04
References (1)
↗ https://www.malwarebytes.com/blog/threat-intel/2026/03/a-fake-filezilla-site-hosts-a-malicious-download