← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect — Elastic Security Labs
WHITE CyberHunter_NL 2026-03-20 Modified: 2026-04-19
14
IOCs
MEDIUM VOLUME
silentconnectgoogle drivecloudflarevbscript filebelowuac bypasssecurity labscaptcha pagepowershellscreenconnectdefendervirustotalagenttools
Indicators of Compromise (14)
All FileHash-SHA256 URL YARA domain email
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 281226ca0203537fa422b17102047dac314bc0c466ec71b2e6350d75f968f2a3 2026-03-20
FileHash-SHA256 349e78de0fe66d1616890e835ede0d18580abe8830c549973d7df8a2a7ffdcec 2026-03-20
FileHash-SHA256 81956d08c8efd2f0e29fd3962bcf9559c73b1591081f14a6297e226958c30d03 2026-03-20
FileHash-SHA256 8bab731ac2f7d015b81c2002f518fff06ea751a34a711907e80e98cf70b557db 2026-03-20
FileHash-SHA256 adc1cf894cd35a7d7176ac5dab005bea55516bc9998d0c96223b6c0004723c37 2026-03-20
FileHash-SHA256 c3d4361939d3f6cf2fe798fef68d4713141c48dce7dd29d3838a5d0c66aa29c7 2026-03-20
URL http://imansport.ir/download_invitee.php 2026-03-20
URL http://solpru.com/process/docusign.html 2026-03-20
URL https://bumptobabeco.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest' 2026-03-20
YARA 1b576ebba5b7bbd023eea1b15dac1ed3fb76a211 2026-03-20
domain bumptobabeco.top 2026-03-20
domain imansport.ir 2026-03-20
domain solpru.com 2026-03-20
email dan@checkfirst.net.au 2026-03-20
References (1)
↗ https://www.elastic.co/security-labs/silentconnect-delivers-screenconnect