← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
User interaction with a ClickFix-style phishing site resulted in execution of an obfuscated PowerShell command
WHITE Tr1sa111 2026-04-30 Modified: 2026-05-29
12
IOCs
MEDIUM VOLUME
phishinglumma stealerpowershellinformation stealercredential thefthijackloaderdll sideloadinglummastealerclickfix
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
HijackLoader Lumma Stealer - S1213 LummaStealer
Indicators of Compromise (3 / 12 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 10dfd71cf61ea3c1621a5b0c08c3b034773fb84b 2026-04-30
FileHash-SHA1 7450731c0baf5befb79966a6be7873a5b1a62a7a 2026-04-30
FileHash-SHA1 b374d1715148bc80394b844d9f008adfa5585d65 2026-04-30