← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Malware That Must Not Be Named: Suspected Espionage Campaign D clone credit AustinBH
WHITE msudosos 2026-03-27 Modified: 2026-03-27
36
IOCs
MEDIUM VOLUME
google sheetvoldemortproofpointcobalt strikewebdav shareuuidgoogle sheetsaugustgoogle drivepython codewebdavpythonserviceclickpowershelltestwebexratsformatexplorermalwarestubcodewin64defense
Indicators of Compromise (36)
All FileHash-SHA256 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 0b3235db7e8154dd1b23c3bed96b6126d73d24769af634825d400d3d4fe8ddb9 2026-03-27
FileHash-SHA256 3fce52d29d40daf60e582b8054e5a6227a55370bed83c662a8ff2857b55f4cea 2026-03-27
FileHash-SHA256 561e15a46f474255fda693afd644c8674912df495bada726dbe7565eae2284fb 2026-03-27
FileHash-SHA256 6bdd51dfa47d1a960459019a960950d3415f0f276a740017301735b858019728 2026-03-27
FileHash-SHA256 fa383eac2bf9ad3ef889e6118a28aa57a8a8e6b5224ecdf78dcffc5225ee4e1f 2026-03-27
URL http://83.147.243.18/p/ 2026-03-27
URL http://83.147.243.18/p/7c31e3ebfb77ead34ea71900b1b0/stage2-2/[base64 2026-03-27
URL https://od.lk/s/OTRfNzQ5NjQwOTJf/test.png 2026-03-27
URL https://od.lk/s/OTRfODM3MjM2NzVf/La_dichiarazione_precompilata_2024.pdf 2026-03-27
URL https://od.lk/s/OTRfODM5Mzc3NjFf/irs-p966.pdf 2026-03-27
URL https://od.lk/s/OTRfODQ1NDc2MjZf/SA150_Notes_2024.pdf 2026-03-27
URL https://od.lk/s/OTRfODQ1Njk2ODVf/2044_4765.pdf 2026-03-27
URL https://od.lk/s/OTRfODQ1NzA0Mjlf/einzelfragen_steuerbescheinigungen_de.pdf 2026-03-27
URL https://od.lk/s/OTRfODQ4ODE4OThf/logo.png 2026-03-27
URL https://od.lk/s/OTRfODQ5MzQ5Mzlf/ABC_of_Tax.pdf 2026-03-27
URL https://pubs.infinityfreeapp.com/IRS_P966.html 2026-03-27
URL https://pubs.infinityfreeapp.com/La_dichiarazione_precompilata_2024.html 2026-03-27
URL https://pubs.infinityfreeapp.com/Notice_pour_remplir_la_N%C2%B0_2044.html 2026-03-27
URL https://pubs.infinityfreeapp.com/SA150_Notes_2024.html 2026-03-27
URL https://pubs.infinityfreeapp.com/Steuerratgeber.html 2026-03-27
URL https://resource.infinityfreeapp.com/0023012-317.html 2026-03-27
URL https://resource.infinityfreeapp.com/ABC_of_Tax.html 2026-03-27
domain ideasworkshop.it 2026-03-27
domain joshsznapstajler.com 2026-03-27
domain pingb.in 2026-03-27
domain tblsys.com 2026-03-27
email no_reply_irs.gov@amecaindustrial.com 2026-03-27
hostname invasion-prisoners-inns-aging.trycloudflare.com 2026-03-27
hostname pants-graphs-optics-worse.trycloudflare.com 2026-03-27
hostname pubs.infinityfreeapp.com 2026-03-27
hostname recall-addressed-who-collector.trycloudflare.com 2026-03-27
hostname resource.infinityfreeapp.com 2026-03-27
hostname ride-fatal-italic-information.trycloudflare.com 2026-03-27
hostname ways-sms-pmc-shareholders.trycloudflare.com 2026-03-27
URL https://sheets.googleapis.com:443/v4/spreadsheets/16JvcER-0TVQDimWV56syk91IMCYXOvZbW4GTnb947eE/ 2026-03-27
hostname 962194083343-nevo9pjnlr7cgirjs1eonpebakrlq3qc.apps.googleusercontent.com 2026-03-27
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort