← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - FakeGit: LuaJIT malware distributed via GitHub at scale
A Vietnamese-speaking operator has been distributing LuaJIT-based malware through GitHub since March 2025. The repos impersonate cracked browser extensions for SaaS tools, gaming cheats, developer utilities, and adult content. Each contains a ZIP archive with a LuaJIT loader chain. BitDefender tracks the archives as Gen:Heur.FakeGit.1 (as of March 2026). ESET tracks the Lua payloads as Lua/Agent.Z through Lua/Agent.BT (as of March 2026) -- 16 distinct obfuscator generations across the campaign.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Lua
Indicators of Compromise (75)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 00f60ee3ff2dee681b5d7d442009b2c2 | MD5 of 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953 | 2026-03-10 | |
| FileHash-MD5 | 1fed6eb66a2351f5032a467ad1ff27c5 | MD5 of 2c5d4e26385d968570ffe8c602e431bd7fc88c3f637d0b1736ee7326c754b9ab | 2026-03-10 | |
| FileHash-MD5 | 4ebd617a3ad9a9619172bd14a902a400 | MD5 of c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac | 2026-03-10 | |
| FileHash-MD5 | 6642d0d5c321637c1fe4d714fa585453 | MD5 of 1f546f1b4b2cd404fdd2ba9b52223ecf935ad26588993f703bef69db4c94034e | 2026-03-10 | |
| FileHash-MD5 | 690d7c8018b8dc14efc22f52f3c3d0ae | MD5 of 365d1b01cd5e605f6e7d39b192aaf56040176f2bce6eaec0fc11584850793a83 | 2026-03-10 | |
| FileHash-MD5 | 7b69212e0f9e632a75659140e1fafb18 | MD5 of 89730887d1ac7aab9e37d590081a5c9c56fa3f79b24960bff3f9cdabb0486424 | 2026-03-10 | |
| FileHash-MD5 | 85d426d8cedc9261000de61b8692e05d | MD5 of ac5885b78810a7bf987ff6674f6717059e227df9c969b9fb46d00b2c0de1ba74 | 2026-03-10 | |
| FileHash-MD5 | 8a66481ffaf76100e8a1971b27ebee82 | MD5 of 61f5e68f1dc91eee925af875bf511de0de1483a8e663567c22ca4bc568808341 | 2026-03-10 | |
| FileHash-MD5 | a5edd208f0f92184a06b9dfb8eb5acee | MD5 of 2ea6200c846af534a07338a803acf7f49520abf59b2ae82a701a24e7fada0b97 | 2026-03-10 | |
| FileHash-MD5 | b1535d38c1501d670ee19bfacdf12fd3 | MD5 of 88ec32a311b56441cfe6126b7780f073f36dfb8808de0dab9219d1a0be9c01ac | 2026-03-10 | |
| FileHash-MD5 | b67e7e170c4e0163917772849582cb5d | MD5 of a3e6236fa517f863ea551e17fcedcfc22df23e044dcd4863e6ddf3ef00966596 | 2026-03-10 | |
| FileHash-MD5 | b9c3f7efd325c8df5530424182106713 | MD5 of dce5fc61e153377bb42b53b7dfca841399dd5c94d5fdf2631617a6df8c7cded1 | 2026-03-10 | |
| FileHash-MD5 | bed57662419fa3856cac1e633a60facc | MD5 of b0ca436fef7c39e0f6ebd93989d38b9a58eb4d1cf83ab45d7b07d70794a59e6d | 2026-03-10 | |
| FileHash-MD5 | bff3a81de5ffacbeddd5de793cede666 | MD5 of f3e34c9e36f3be065d80d456281d31dd1cc85eb4980db7fa8c1b0eb6f29c25d8 | 2026-03-10 | |
| FileHash-MD5 | c73ba3c796aa5bbd96674feb2bc030e2 | MD5 of acdd9ac3d55c4b1e12a239331145665d9eddf84a7a34fccac164f8afd006f875 | 2026-03-10 | |
| FileHash-MD5 | ca63d5423c1be2eda0f7f5624b1b0f92 | MD5 of 4508b938d16e16585d4065d10ba5890f380a9d7e82d1ae0246bae41937d17add | 2026-03-10 | |
| FileHash-MD5 | ce7f9311e63d298cbc1b948fe8da54d8 | MD5 of ebb0c76a03b8bb0ba246b8b31143f4462b4c3b0b3b5d581c499b4c3a484fd792 | 2026-03-10 | |
| FileHash-MD5 | e3dc99990b09c552d005fe8de3b547d9 | MD5 of ef224f48255771d28b15169d60c8b0a925875dba15b3bd245c0b34d77290120d | 2026-03-10 | |
| FileHash-SHA1 | 0655789f766d72e8e727a20b23fd1ad96af13a8a | SHA1 of a3e6236fa517f863ea551e17fcedcfc22df23e044dcd4863e6ddf3ef00966596 | 2026-03-10 | |
| FileHash-SHA1 | 270f66d2c84ee86ff4b07c6220c51abd4897b5f0 | SHA1 of c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac | 2026-03-10 | |
| FileHash-SHA1 | 33b401b545188397630f76e54a5be86aa6d789c9 | SHA1 of 61f5e68f1dc91eee925af875bf511de0de1483a8e663567c22ca4bc568808341 | 2026-03-10 | |
| FileHash-SHA1 | 3a095792bf734da1a67bac12678d3c4d094fc79f | SHA1 of ebb0c76a03b8bb0ba246b8b31143f4462b4c3b0b3b5d581c499b4c3a484fd792 | 2026-03-10 | |
| FileHash-SHA1 | 4ac4218f4a27bb1e0eb5e6d15c16d7c936eb7630 | SHA1 of acdd9ac3d55c4b1e12a239331145665d9eddf84a7a34fccac164f8afd006f875 | 2026-03-10 | |
| FileHash-SHA1 | 4ac9c168cb3942cd0840af555b2fb89543f0ef3a | SHA1 of 88ec32a311b56441cfe6126b7780f073f36dfb8808de0dab9219d1a0be9c01ac | 2026-03-10 | |
| FileHash-SHA1 | 6b01e8718263bb11c9d2e45cc8cf88b46b4ff29d | SHA1 of ac5885b78810a7bf987ff6674f6717059e227df9c969b9fb46d00b2c0de1ba74 | 2026-03-10 | |
| FileHash-SHA1 | 6bed087c6b30d511e88b19166673fc8c18f94ddc | SHA1 of b0ca436fef7c39e0f6ebd93989d38b9a58eb4d1cf83ab45d7b07d70794a59e6d | 2026-03-10 | |
| FileHash-SHA1 | 7f24a8968a61b2efc48308eca0aa95939fc7092d | SHA1 of 2c5d4e26385d968570ffe8c602e431bd7fc88c3f637d0b1736ee7326c754b9ab | 2026-03-10 | |
| FileHash-SHA1 | 9248b0928bc5f821bdc8994b0b4ce244209fd65a | SHA1 of dce5fc61e153377bb42b53b7dfca841399dd5c94d5fdf2631617a6df8c7cded1 | 2026-03-10 | |
| FileHash-SHA1 | b8ed0237a3938c4722a4f725e7a80d54b9246a27 | SHA1 of 365d1b01cd5e605f6e7d39b192aaf56040176f2bce6eaec0fc11584850793a83 | 2026-03-10 | |
| FileHash-SHA1 | c2fccea540ed7ec1d2dfd7628c57d5eebc3da75a | SHA1 of 1f546f1b4b2cd404fdd2ba9b52223ecf935ad26588993f703bef69db4c94034e | 2026-03-10 | |
| FileHash-SHA1 | d2779920df86dbc66d89dc793a50c857d388b3cf | SHA1 of 2ea6200c846af534a07338a803acf7f49520abf59b2ae82a701a24e7fada0b97 | 2026-03-10 | |
| FileHash-SHA1 | d49590bfb8b160595382339433535c481ce425ac | SHA1 of f3e34c9e36f3be065d80d456281d31dd1cc85eb4980db7fa8c1b0eb6f29c25d8 | 2026-03-10 | |
| FileHash-SHA1 | f2d79d91fe07953a36d81b106200eee13e4579e9 | SHA1 of 89730887d1ac7aab9e37d590081a5c9c56fa3f79b24960bff3f9cdabb0486424 | 2026-03-10 | |
| FileHash-SHA1 | f5199b4191add11d02d58f521cbea21465b7ff6b | SHA1 of 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953 | 2026-03-10 | |
| FileHash-SHA1 | f695bcf43404ea1eb18d6110ad3f0d1c2124957e | SHA1 of 4508b938d16e16585d4065d10ba5890f380a9d7e82d1ae0246bae41937d17add | 2026-03-10 | |
| FileHash-SHA1 | ffca5548df01907819e170ece6743fba095094f2 | SHA1 of ef224f48255771d28b15169d60c8b0a925875dba15b3bd245c0b34d77290120d | 2026-03-10 | |
| FileHash-SHA256 | 0476281e2ed8cca25b881092334c2aa7bca82c4be9819fcb9cefe8027e532f1e | — | 2026-03-10 | |
| FileHash-SHA256 | 1f546f1b4b2cd404fdd2ba9b52223ecf935ad26588993f703bef69db4c94034e | — | 2026-03-10 | |
| FileHash-SHA256 | 2ad929f97ae428864a4e74c8f44c9aa392f8e044ae960b6906ffac9bfcb2a43c | — | 2026-03-10 | |
| FileHash-SHA256 | 2c5d4e26385d968570ffe8c602e431bd7fc88c3f637d0b1736ee7326c754b9ab | — | 2026-03-10 | |
| FileHash-SHA256 | 2d92df6beff6ccdb68272adedc1673ea12c1a19efecb77a16f9161ecda56ae8b | — | 2026-03-10 | |
| FileHash-SHA256 | 2ea6200c846af534a07338a803acf7f49520abf59b2ae82a701a24e7fada0b97 | — | 2026-03-10 | |
| FileHash-SHA256 | 365d1b01cd5e605f6e7d39b192aaf56040176f2bce6eaec0fc11584850793a83 | — | 2026-03-10 | |
| FileHash-SHA256 | 37f60b7923dae8ab38bb72ccfe94bf06c3266202d4881e9d2e0ac28abcd85b25 | — | 2026-03-10 | |
| FileHash-SHA256 | 4508b938d16e16585d4065d10ba5890f380a9d7e82d1ae0246bae41937d17add | — | 2026-03-10 | |
| FileHash-SHA256 | 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953 | — | 2026-03-10 | |
| FileHash-SHA256 | 57cc3f7b14c761fcc4a3713a58c1161356fed27fb0cbc04d56bbe6a3ee43f605 | — | 2026-03-10 | |
| FileHash-SHA256 | 61ab1d22949eac0582e989ae065ec4caee9ac99998276317edda96735cd311fb | — | 2026-03-10 | |
| FileHash-SHA256 | 61f5e68f1dc91eee925af875bf511de0de1483a8e663567c22ca4bc568808341 | — | 2026-03-10 | |
| FileHash-SHA256 | 63c8cedc49339dd788dbc25f851dfce5219045aef80dd9bd17343948fb73f954 | — | 2026-03-10 | |
| FileHash-SHA256 | 7625f9ae947f8cb3d7ed463694db72bd3eb07d1792e1a85232b1933370b9562b | — | 2026-03-10 | |
| FileHash-SHA256 | 772ce19206d35699b4d2693c59f8c0bd1a927f287f8bf98bd14d65f1ff248828 | — | 2026-03-10 | |
| FileHash-SHA256 | 88ec32a311b56441cfe6126b7780f073f36dfb8808de0dab9219d1a0be9c01ac | — | 2026-03-10 | |
| FileHash-SHA256 | 89730887d1ac7aab9e37d590081a5c9c56fa3f79b24960bff3f9cdabb0486424 | — | 2026-03-10 | |
| FileHash-SHA256 | 8b5d6ff49034626532fbf5d2b9f4ffeee53facde63252e3c8aaa89f05029b8d4 | — | 2026-03-10 | |
| FileHash-SHA256 | 8cede35b80b1deaf732c2b178d908f91b3e7a0c114d06dfae9075b8a9bf78b8f | — | 2026-03-10 | |
| FileHash-SHA256 | a3bc1a47f6bd9782dc594ef10feef0ee8c422a1cd06a5ddc429c61fdfa81b567 | — | 2026-03-10 | |
| FileHash-SHA256 | a3e6236fa517f863ea551e17fcedcfc22df23e044dcd4863e6ddf3ef00966596 | — | 2026-03-10 | |
| FileHash-SHA256 | a563a7df740bce2bda1231cebb4ed136813df43361de17c224b97af9941ee0c4 | — | 2026-03-10 | |
| FileHash-SHA256 | ac5885b78810a7bf987ff6674f6717059e227df9c969b9fb46d00b2c0de1ba74 | — | 2026-03-10 | |
| FileHash-SHA256 | acdd9ac3d55c4b1e12a239331145665d9eddf84a7a34fccac164f8afd006f875 | — | 2026-03-10 | |
| FileHash-SHA256 | b0ca436fef7c39e0f6ebd93989d38b9a58eb4d1cf83ab45d7b07d70794a59e6d | — | 2026-03-10 | |
| FileHash-SHA256 | b4f46436037bf0c12eb047d87999c956b09c5cf58d03221190f21e5ce7f97a81 | — | 2026-03-10 | |
| FileHash-SHA256 | c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac | — | 2026-03-10 | |
| FileHash-SHA256 | ca42898e885979196647b6e5c469461a25870c1f15ef5910d531f37f8f3f147f | — | 2026-03-10 | |
| FileHash-SHA256 | ce1e33483d353200a266b3bc383ccf500e5a760c6dcd8218747260f5bbe39509 | — | 2026-03-10 | |
| FileHash-SHA256 | dce5fc61e153377bb42b53b7dfca841399dd5c94d5fdf2631617a6df8c7cded1 | — | 2026-03-10 | |
| FileHash-SHA256 | e2e3768af9e40610b030644486f7434c892bf6ff273732c96f43c9e9401d3aca | — | 2026-03-10 | |
| FileHash-SHA256 | e33f444edb92a0d5f01b040dd06520092c0d52a431bbb4e6c2f9e6e71265098c | — | 2026-03-10 | |
| FileHash-SHA256 | ead242a036f033f0829afa33768814be168ae29431d9de479e63a80c4cf9f431 | — | 2026-03-10 | |
| FileHash-SHA256 | ebb0c76a03b8bb0ba246b8b31143f4462b4c3b0b3b5d581c499b4c3a484fd792 | — | 2026-03-10 | |
| FileHash-SHA256 | ef224f48255771d28b15169d60c8b0a925875dba15b3bd245c0b34d77290120d | — | 2026-03-10 | |
| FileHash-SHA256 | f3e34c9e36f3be065d80d456281d31dd1cc85eb4980db7fa8c1b0eb6f29c25d8 | — | 2026-03-10 | |
| kirk@derp.ca | — | 2026-03-10 | ||
| domain | layer1.icu | — | 2026-03-10 |