← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - ClickFix Removes Your Background but Leaves the Malware
WHITE ClickFix celestre 2026-05-06 Modified: 2026-05-30
22
IOCs
MEDIUM VOLUME
netsupport ratclickfixreflective loadercastleloadersocial engineering
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
CastleLoader NetSupport RAT CastleStealer
Indicators of Compromise (22)
All FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 bde21d8be65d31e1c380f2daae2f73c79f3e1f4bca70fb990db6fdf6c3768c92 2026-05-06
FileHash-SHA256 ed391a16389234f9ebb6727711baaf3e068d7f77c465708fa3e8b7d0565d7fb9 2026-05-06
FileHash-SHA256 f5dbaa09e60343f252a80d4a313a36ac11442d96b0896022d1a83744e3c11feb 2026-05-06
URL http://giovettiadv.com:688 2026-05-06
URL http://poronto.com:688 2026-05-06
URL https://brionter.com/4ba0af68-0037-5f6e-afd1-64f89fc0f554/net40.bin 2026-05-06
URL https://obelnamevalf.org/OaTS7yE9zd/default 2026-05-06
URL https://trindastal.com/8250d149-9bf8-566d-9d7d-ea925eae0a4 2026-05-06
domain ai-scan.digital 2026-05-06
domain background-off.com 2026-05-06
domain background-ready.online 2026-05-06
domain backgroundformat.online 2026-05-06
domain bg-go.online 2026-05-06
domain bg-ready.online 2026-05-06
domain bg-removerok.online 2026-05-06
domain bg-transparency.online 2026-05-06
domain brionter.com 2026-05-06
domain cheeshomireciple.com 2026-05-06
domain giovettiadv.com 2026-05-06
domain obelnamevalf.org 2026-05-06
domain poronto.com 2026-05-06
domain trindastal.com 2026-05-06
References (1)
↗ https://www.huntress.com/blog/clickfix-castleloader-backgroundfix