← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Claude Code Leak Exploited to Spread Vidar and GhostSocks Malware
A massive source code leak of Anthropic’s Claude Code has been exploited to spread Vidar and GhostSocks malware through fake GitHub repositories.
Indicators of Compromise (12)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| IPv4 | 94.228.161.88 | CC=RU ASN=AS48467 pronet llc | 2026-04-04 | |
| FileHash-MD5 | 3388b415610f4ae018d124ea4dc99189 | — | 2026-04-04 | |
| FileHash-MD5 | 77c73bd5e7625b7f691bc00a1b561a0f | — | 2026-04-04 | |
| FileHash-MD5 | 81fb210ba148fd39e999ee9cdc085dfc | — | 2026-04-04 | |
| FileHash-MD5 | 8660646bbc6bb7dc8f59a764e25fe1fd | — | 2026-04-04 | |
| FileHash-MD5 | 9a6ea91491ccb1068b0592402029527f | — | 2026-04-04 | |
| FileHash-MD5 | d8256fbc62e85dae85eb8d4b49613774 | — | 2026-04-04 | |
| IPv4 | 147.45.197.92 | CC=RU ASN=AS2895 ooo freenet group | 2026-04-04 | |
| URL | https://147.45.197.92:443 | — | 2026-04-04 | |
| URL | https://94.228.161.88:443 | — | 2026-04-04 | |
| URL | https://rti.cargomanbd.com | d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 | 2026-04-04 | |
| hostname | rti.cargomanbd.com | — | 2026-04-04 |