← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
WHITE PetrP.73 2026-05-08 Modified: 2026-05-08
46
IOCs
MEDIUM VOLUME
Recent investigations by Acronis Threat Research Unit highlight the exploitation of AI distribution platforms, particularly Hugging Face and ClawHub, by cyber threat actors to deliver malware. These platforms, which are trusted repositories for AI models and tools, have become prime targets for attackers due to the inherent trust users place in their content. Attackers are embedding malicious functionality in software designed for AI ecosystems, utilizing the features of these platforms to extend the reach and impact of their malware beyond typical single-system compromises.
hugging faceclawhubminor actorfacegithubopenclawjoinwindows malwarewindowsai distributionfakesecuritypowershellexplorermaliciousvirustotaltrojantelegrambrokpathindoratsandroiddefenderloadermoltbotmacosithkrpawamosthreat
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Moltbot macOS ITHKRPAW FAKESECURITY AMOS OpenClaw Threat
Indicators of Compromise (46)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 91.92.242.30 CC=BG ASN=ASNone 2026-05-08
FileHash-MD5 31d36da3d6cd96f335b14a1dd1f06cc2 MD5 of e84b1e2c432b2394c403b524b8361ffa9923a022eb05215f1dc811bc167c3c5e 2026-05-08
FileHash-MD5 41f581f7d2c09ab0edfea850b9db506f MD5 of 462af0a3a9094d44c30cc65544ec1171a62365cff09e67f5e87e061a3d604bd0 2026-05-08
FileHash-MD5 50eda29bfbeeb8b0429718447725016a MD5 of 579a82dde4425d95e20a22171be0a37702c833fdca6e5e04f69099a025863136 2026-05-08
FileHash-MD5 69315b7a1c4bf5ee56cba1de29d1761e MD5 of c7b93b6facfc23f49e35e81dc9c30cc69401b8245eeb7c032fc13656cd7e101f 2026-05-08
FileHash-MD5 a37f6403fbf28fa0b48863287f4c5a5d MD5 of f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 2026-05-08
FileHash-MD5 abae0f42f695e55714d362a088acc780 MD5 of 9db18aa394f554aa455f3039ce734b1653cc999089889c551fe263bd4bdc39fc 2026-05-08
FileHash-MD5 b488d8d0cb6ee18af9e5800b66ff1ed9 MD5 of d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 2026-05-08
FileHash-MD5 b6a77b7892ef22d6afd91eb980a3f3d8 MD5 of d42aecf76fb1531cd5b7139e669910b2fd82a90b7e11448128e226775bf5d42e 2026-05-08
FileHash-MD5 bd46890121106b43f0c01ab82629400c MD5 of 122bea967f4c194fd5820123d13b7b71422c31f92b9fc0b0fa05aac3ff03dfaa 2026-05-08
FileHash-MD5 c5a53c02d531c5e46f9cc2fc0afbb88d MD5 of b5da6ffa5f85aa5016fbc02a3122361c85d21192c45df9544099d13e6ff84c36 2026-05-08
FileHash-MD5 ce62d1b6116f34f9ba815db1e2016d2a MD5 of 89930bd18e0f9c9c98dfb1662cb87aa98348e87164ab62b1f39e86ebf2ce24cb 2026-05-08
FileHash-SHA1 0d2bb0876cc58d8b9c91686c019c131584f1b970 SHA1 of c7b93b6facfc23f49e35e81dc9c30cc69401b8245eeb7c032fc13656cd7e101f 2026-05-08
FileHash-SHA1 197e0f42236143b60742ecbcac751617c22cfb9c SHA1 of e84b1e2c432b2394c403b524b8361ffa9923a022eb05215f1dc811bc167c3c5e 2026-05-08
FileHash-SHA1 1fc5e6458316277fae8272cbe9f3dfc86b681635 SHA1 of 89930bd18e0f9c9c98dfb1662cb87aa98348e87164ab62b1f39e86ebf2ce24cb 2026-05-08
FileHash-SHA1 5d253cc263851ec68c0a988bf86afbb3e9f0b491 SHA1 of 462af0a3a9094d44c30cc65544ec1171a62365cff09e67f5e87e061a3d604bd0 2026-05-08
FileHash-SHA1 8bd284bfb607d5e970c88a69ca9422b44b1148a9 SHA1 of 122bea967f4c194fd5820123d13b7b71422c31f92b9fc0b0fa05aac3ff03dfaa 2026-05-08
FileHash-SHA1 92149d122dedb4e507e3a9cf6e43c53836e16fbe SHA1 of 579a82dde4425d95e20a22171be0a37702c833fdca6e5e04f69099a025863136 2026-05-08
FileHash-SHA1 93b3d3925ccc201ab0f16017153a79ef05b8f5c2 SHA1 of d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 2026-05-08
FileHash-SHA1 9f79b3301a88348bb6f03369c239a660a8c277bc SHA1 of d42aecf76fb1531cd5b7139e669910b2fd82a90b7e11448128e226775bf5d42e 2026-05-08
FileHash-SHA1 a14bed1c46ba7406d5240e979251ccd394dfe3b5 SHA1 of b5da6ffa5f85aa5016fbc02a3122361c85d21192c45df9544099d13e6ff84c36 2026-05-08
FileHash-SHA1 a396ec79d8e33ca984c7ffc7ee4d7d2caa8412ee SHA1 of f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 2026-05-08
FileHash-SHA1 a7c4407a7039102a8769bd51bfa64efc17943847 SHA1 of 9db18aa394f554aa455f3039ce734b1653cc999089889c551fe263bd4bdc39fc 2026-05-08
FileHash-SHA256 122bea967f4c194fd5820123d13b7b71422c31f92b9fc0b0fa05aac3ff03dfaa 2026-05-08
FileHash-SHA256 462af0a3a9094d44c30cc65544ec1171a62365cff09e67f5e87e061a3d604bd0 2026-05-08
FileHash-SHA256 579a82dde4425d95e20a22171be0a37702c833fdca6e5e04f69099a025863136 2026-05-08
FileHash-SHA256 89930bd18e0f9c9c98dfb1662cb87aa98348e87164ab62b1f39e86ebf2ce24cb 2026-05-08
FileHash-SHA256 9db18aa394f554aa455f3039ce734b1653cc999089889c551fe263bd4bdc39fc 2026-05-08
FileHash-SHA256 b5da6ffa5f85aa5016fbc02a3122361c85d21192c45df9544099d13e6ff84c36 2026-05-08
FileHash-SHA256 c7b93b6facfc23f49e35e81dc9c30cc69401b8245eeb7c032fc13656cd7e101f 2026-05-08
FileHash-SHA256 d42aecf76fb1531cd5b7139e669910b2fd82a90b7e11448128e226775bf5d42e 2026-05-08
FileHash-SHA256 d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 2026-05-08
FileHash-SHA256 e84b1e2c432b2394c403b524b8361ffa9923a022eb05215f1dc811bc167c3c5e 2026-05-08
FileHash-SHA256 f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 2026-05-08
FileHash-SHA256 fd3d52c2bb3764aabfe4da301967bfbc18e1c062d5dad2e9f4c3b6b6cf0ec9f8 2026-05-08
URL http://91.92.242.30/1v07y9e1m6v7thl6 2026-05-08
URL http://91.92.242.30/6wioz8285kcbax6v 2026-05-08
URL https://glot.io/snippets/hfd3x9ueu5 2026-05-08
URL https://glot.io/snippets/hfdxv8uyaf 2026-05-08
URL https://install.app-distribution.net/setup/ 2026-05-08
URL https://velvet-parrot.com 2026-05-08
URL https://velvet-parrot.com:443 2026-05-08
domain glot.io 2026-05-08
domain skill.md 2026-05-08
domain velvet-parrot.com 2026-05-08
hostname install.app-distribution.net 2026-05-08
References (1)
↗ https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/