Pulse Detail — Threat Intelligence

PULSE NAME

Thor Lite Scan - 2026-04-28

WHITE UCP_GoA23 2026-04-30 Modified: 2026-05-30

497

IOCs

HIGH VOLUME

Thor Lite Scan - 2026-04-28 SCANID: S-YEFfQ7C4AkQ https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1027 T1055 T1056 T1059 T1110 T1113 T1132 T1134 T1203 T1505 T1550 T1566 T1569

Indicators of Compromise (128 / 497 total)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://api.microsofed.com/	—	2026-04-30
URL	http://appupdate.ibmlotus.net/	—	2026-04-30
URL	http://asq.r77vh0.pw/	—	2026-04-30
URL	http://auth.newtrendmicro.com/	—	2026-04-30
URL	http://cdn.theyardservice.com/	—	2026-04-30
URL	http://content.newtrendmicro.com/	—	2026-04-30
URL	http://contents.newtrendmicro.com/	—	2026-04-30
URL	http://dataplane.theyardservice.com/	—	2026-04-30
URL	http://docs.microsoft-support.net/	—	2026-04-30
URL	http://download.softupdate-online.top/	—	2026-04-30
URL	http://downloads.softupdate-online.top/	—	2026-04-30
URL	http://financialmarket.org/	—	2026-04-30
URL	http://helpdisk.ibmlotus.net/	—	2026-04-30
URL	http://ibmlotus.net/	—	2026-04-30
URL	http://internet.softupdate-online.top/	—	2026-04-30
URL	http://investbooking.de/	—	2026-04-30
URL	http://krakenfolio.com/	—	2026-04-30
URL	http://mail.ibmlotus.net/	—	2026-04-30
URL	http://market.newtrendmicro.com/	—	2026-04-30
URL	http://mcafee-upgrade.com/	—	2026-04-30
URL	http://microsofed.com/	—	2026-04-30
URL	http://microsoft-support.net/	—	2026-04-30
URL	http://newtrendmicro.com/	—	2026-04-30
URL	http://ng.at/\	—	2026-04-30
URL	http://ns10.microsoft-support.net/	—	2026-04-30
URL	http://ns9.microsoft-support.net/	—	2026-04-30
URL	http://objectif-securite.ch/forticlient_bulletin.php\	—	2026-04-30
URL	http://online.softupdate-online.top/	—	2026-04-30
URL	http://os.microsoft-support.net/	—	2026-04-30
URL	http://rst.void.ru	—	2026-04-30
URL	http://rst.void.ru/papers/advisory24.txt\	—	2026-04-30
URL	http://search.ibmlotus.net/	—	2026-04-30
URL	http://softupdate-online.top/	—	2026-04-30
URL	http://ssl.mcafee-upgrade.com/	—	2026-04-30
URL	http://static.theyardservice.com/	—	2026-04-30
URL	http://test.mcafee-upgrade.com/	—	2026-04-30
URL	http://theyardservice.com/	—	2026-04-30
URL	http://transplugin.io/	—	2026-04-30
URL	http://tw.2012yearleft.com/	—	2026-04-30
URL	http://tw.mcafee-upgrade.com/	—	2026-04-30
URL	http://update.softupdate-online.top/	—	2026-04-30
URL	http://upgrade.ibmlotus.net/	—	2026-04-30
URL	http://upgrade.newtrendmicro.com/	—	2026-04-30
URL	http://us.mcafee-upgrade.com/	—	2026-04-30
URL	http://usaid.theyardservice.com/	—	2026-04-30
URL	http://worldhomeoutlet.com/	—	2026-04-30
URL	http://ww7.transplugin.io/?usid=27&utid=7483641788	—	2026-04-30
URL	http://www.commonexploits.com/unquoted-service-paths/	—	2026-04-30
URL	http://www.hyperdose.com/advisories/H2005-05.txt	—	2026-04-30
URL	http://www.objectif-securite.ch	—	2026-04-30
URL	http://x0curlz.fr/aE9L\	—	2026-04-30
URL	https://bit.no.com:43110/theshadowbrokers.bit/post/message6/	—	2026-04-30
URL	https://bit.no.com:43110/theshadowbrokers.bit/post/message7/	—	2026-04-30
URL	https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/	—	2026-04-30
URL	https://obfuscator.io	—	2026-04-30
URL	https://valhalla.nextron-systems.com/info/rule/Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php\	—	2026-04-30
URL	https://www.filescan.io/api/system/yara?name=Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php&name=h4nt	—	2026-04-30
URL	https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt	—	2026-04-30
URL	https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html	—	2026-04-30
URL	https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/	—	2026-04-30
URL	https://www.nextron-systems.com/get-started/	—	2026-04-30
URL	http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html	—	2026-04-30
URL	http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033910.html\	—	2026-04-30
URL	http://marc.info/?l=bugtraq&m=111352290711509&w=2	—	2026-04-30
URL	http://marc.info/?l=bugtraq&m=111420400316397&w=2	—	2026-04-30
URL	http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security	—	2026-04-30
URL	http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html	—	2026-04-30
URL	http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html	—	2026-04-30
URL	http://secunia.com/advisories/15076	—	2026-04-30
URL	http://secunia.com/advisories/19358	—	2026-04-30
URL	http://securitytracker.com/id?1013718	—	2026-04-30
URL	http://securitytracker.com/id?1015222	—	2026-04-30
URL	http://securitytracker.com/id?1015223	—	2026-04-30
URL	http://service.real.com/help/faq/security/security111605.html	—	2026-04-30
URL	http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities	—	2026-04-30
URL	http://www.osvdb.org/15818	—	2026-04-30
URL	http://www.rapid7.com/db/modu\	—	2026-04-30
URL	http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http\	—	2026-04-30
URL	http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http\\\\x0a--\	—	2026-04-30
URL	http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http\x0a--	—	2026-04-30
URL	http://www.securityfocus.com/	—	2026-04-30
URL	http://www.securityfocus.com/bid/15448	—	2026-04-30
URL	http://www.securitytracker.com/id/1034175	—	2026-04-30
URL	http://www.securitytracker.com/id/1034175"	—	2026-04-30
URL	http://www.securitytracker.com/id/1038527	—	2026-04-30
URL	http://www.service.real.com/realplayer/security/03162006_player/en/	—	2026-04-30
URL	http://www.vupen.com/english/advisories/2005/2443	—	2026-04-30
URL	http://www.vupen.com/english/advisories/2006/1057	—	2026-04-30
URL	https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/	—	2026-04-30
URL	https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf	—	2026-04-30
URL	https://exchange.xforce.ibmcloud.com/vulnerabilities/20129	—	2026-04-30
URL	https://github.com/0x00-0x00/ShellPop	—	2026-04-30
URL	https://github.com/Cn33liz/p0wnedShell	—	2026-04-30
URL	https://github.com/Wh04m1001/CVE-2023-36874	—	2026-04-30
URL	https://github.com/avast/ioc	—	2026-04-30
URL	https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\	—	2026-04-30
URL	https://github.com/ly4k/PwnKit	—	2026-04-30
URL	https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln	—	2026-04-30
URL	https://github.com/yck1509/ConfuserEx	—	2026-04-30
URL	https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683	—	2026-04-30
URL	https://goo.gl/BSQWzw	—	2026-04-30
URL	https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867	—	2026-04-30
URL	https://learn.microsoft.com/en-us/sysinternals/downloads/procdump	—	2026-04-30
URL	https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae	—	2026-04-30
URL	https://minergate.com/faq/what-pool-address	—	2026-04-30
URL	https://nmap.org/	—	2026-04-30
URL	https://otx.alienvault.com/browse/global/pulses?q=tag:wed%20jan	—	2026-04-30
URL	https://otx.alienvault.com/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png	—	2026-04-30
URL	https://otx.alienvault.com/pulse/679aebd9b7251e78663f790d	—	2026-04-30
URL	https://otx.alienvault.com/user/Disable_Duck	—	2026-04-30
URL	https://twitter.com/James_inthe_box/status/1072116224652324870	—	2026-04-30
URL	https://twitter.com/testanull/status/1469549425521348609	—	2026-04-30
URL	https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf	—	2026-04-30
URL	https://www.cisa.gov/uscert/ncas/alerts/aa22-321a	—	2026-04-30
URL	https://www.hybrid-analysis.com/sample/16937e76db6d88ed0420ee87317424af2d4e19117fe12d1364fee35aa2fadb75?environmentId=100	—	2026-04-30
URL	https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/	—	2026-04-30
URL	https://www.oracle.com/security-alerts/cpuapr2022.html	—	2026-04-30
URL	https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/	—	2026-04-30
URL	https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt	—	2026-04-30
URL	https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/	—	2026-04-30
URL	https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/	—	2026-04-30
URL	https://www.starwindsoftware.com/security/sw-20220818-0001/	—	2026-04-30
URL	https://www.suse.com/support/kb/doc/?id=000020564	—	2026-04-30
URL	https://www.virustotal.com/ui/fa\	—	2026-04-30
URL	http://mcafee-service.us.com/	—	2026-04-30
URL	http://mcafee-service.us.com/lander?template=ARROW_3&tdfs=0&s_token=1724172750.0124480...	—	2026-04-30
URL	http://w.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1\	—	2026-04-30
URL	http://www.afternic.com/forsale/financialmarket.org?utm_source=TDFS_DASLNC&utm_medium=...	—	2026-04-30

References (3)

↗ https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark ↗ https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84 ↗ https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs