← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Winos4.0 malware disguised as KakaoTalk installation file
WHITE PetrP.73 2026-03-18 Modified: 2026-04-17
13
IOCs
MEDIUM VOLUME
The Winos4.0 malware is currently being disseminated through a search engine optimization (SEO) poisoning technique, where malicious sites are manipulated to rank highly in search results for credible software, specifically masquerading as an installation file for KakaoTalk. Recent reports confirm that over 5,000 devices have been infected by this malware, which initially appeared on March 9th. The malware pretends to be a KakaoTalk installer while secretly executing harmful activities upon installation.
shellcodepoisoningappdatansisdcryptdllseo poisoningahnlabcenterasecbingloader
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (13)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0ab84f52d043f7a7af54bd4df0331d64 2026-03-18
FileHash-MD5 108849450dd8410bf6217c9a7af82ab3 2026-03-18
FileHash-MD5 29152e0473edef5defc6752dabd0c53d 2026-03-18
FileHash-MD5 56ad524a33e5bb1ae8fee88d41b33294 2026-03-18
FileHash-MD5 8cad997c53fa31274ef0f542535c83b3 2026-03-18
FileHash-SHA1 3249ec00233573f42a143bd1174b9fc410f200b7 SHA1 of 8cad997c53fa31274ef0f542535c83b3 2026-03-18
FileHash-SHA1 952ffa71595f56f58d0a392e0e86c6bf8c2a8aad SHA1 of 108849450dd8410bf6217c9a7af82ab3 2026-03-18
FileHash-SHA256 be5a5e44ddcc8eb6d94fdb484246a4d3a6b41568bec7eb825ac633b9a27dcd44 SHA256 of 108849450dd8410bf6217c9a7af82ab3 2026-03-18
FileHash-SHA256 dffbf02773670e3dc6fad1e7fdbd746f43721bdedbfefc1d1f8a21e61ea23f95 SHA256 of 8cad997c53fa31274ef0f542535c83b3 2026-03-18
URL https://download.i96l6.top/KakaoTalk_Setup_patched.rar 2026-03-18
URL https://pc-kakaocorp.com 2026-03-18
domain pc-kakaocorp.com 2026-03-18
hostname download.i96l6.top 2026-03-18
References (1)
↗ https://asec.ahnlab.com/ko/92924/