← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - From ClickFix to MaaS: Exposing a Modular Windows RAT and Its Admin Panel
WHITE celestre 2026-04-09 Modified: 2026-04-09
5
IOCs
LOW VOLUME
Netskope Threat Labs is tracking a new ClickFix campaign that targets Windows users. ClickFix became a prominent delivery vector in early 2025 for delivering malware like LegionLoader and LummaStealer, and this year we are seeing this trend continue, with ClickFix delivering high-quality, custom-built malware. In this latest campaign, the attackers delivered a NodeJS-based infostealer to Windows users via malicious MSI installers.
iocssha256path
Indicators of Compromise (5)
All FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 519d5f0350f7880559ad6ca51eb9c4e91ffe2046b635b58ada4b7269b775bb89 2026-04-09
domain bull-run.fun 2026-04-09
domain cloud-verificate.com 2026-04-09
domain spot-wave.fun 2026-04-09
domain yuhvgbzsa66biqeatbmdvfo5b5jjefcmz5t2vjuvco5qtdkshfpabyid.onion 2026-04-09
References (1)
↗ https://www.netskope.com/blog/from-clickfix-to-maas-exposing-a-modular-windows-rat-and-its-admin-panel