← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
User interaction with a ClickFix-style phishing site resulted in execution of an obfuscated PowerShell command
WHITE Tr1sa111 2026-04-30 Modified: 2026-05-29
12
IOCs
MEDIUM VOLUME
phishinglumma stealerpowershellinformation stealercredential thefthijackloaderdll sideloadinglummastealerclickfix
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
HijackLoader Lumma Stealer - S1213 LummaStealer
Indicators of Compromise (3 / 12 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 818daf975f78ac30ba4ce0fdd2f7eb550cdc16701da35594e8c9cba72bc84a5c 2026-04-30
FileHash-SHA256 c529217014b732abbe646046c07ce8f0366a42051839d4cb3be5b400285fc728 2026-04-30
FileHash-SHA256 f31a8953531ffb5c14e2d8347e283e1f8f3c732a5a9a68f611c96f4730e8a7dc 2026-04-30