Pulse Detail — Threat Intelligence

PULSE NAME

Threat Actors Weaponize Tiflux RMMs in Malspam Attacks by AlienVault

WHITE msudosos 2026-05-09 Modified: 2026-05-12

IOCs

LOW VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

MALWARE FAMILIES

Tiflux UltraVNC Splashtop ScreenConnect

Indicators of Compromise (10)

All CVE FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2023-39143	—	2026-05-09
FileHash-SHA256	0b95524e5b00688f7f5efe56a74b93985feb2152d9336d44ca7a8dd9ca25d2d5	—	2026-05-09
FileHash-SHA256	87074c1bfd071fc47410a52af863e9ca62b2b85950c4cf643a220f0ea5717952	—	2026-05-09
FileHash-SHA256	f792d82e4472c001852998a3575e492907f38daa8d58ecdb3b3604b38d7b8a07	—	2026-05-09
URL	http://84.54.33.192:8040/Bin/ScreenConnect.ClientSetup.msi	—	2026-05-09
URL	https://anythinghere.woremix.icu/Viewfiles/download.php	—	2026-05-09
URL	https://lenwillfilenetwork.com/downloads/Network%20Solutions%20Agreement.msi	—	2026-05-09
domain	lenwillfilenetwork.com	—	2026-05-09
hostname	anythinghere.woremix.icu	—	2026-05-09
hostname	shankar.woremix.icu	—	2026-05-09

References (1)