← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OpenClaw’s Hologram: Fake Installer Ships Rust Infostealer
WHITE CyberHunter_NL 2026-05-11 Modified: 2026-05-11
53
IOCs
HIGH VOLUME
A look back at some of the key events in the recent months, as well as the findings of Netskope Threat Labs' analysis of a fake OpenClaw installer campaign that has been active since February 2026.
hologramhookdeckazure devopshologram httpsnetskopefebruarypathfindervini egerlandledger livenetskope threatapriltelegramvidarghostsocksrustdefenderphantomwavemusicpowershellloaderglobalbackmbpehuntress
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
MB PE Huntress Vidar
Indicators of Compromise (53)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 185.196.9.98 CC=CH ASN=AS42624 simple carrier llc 2026-05-11
IPv4 45.55.35.48 CC=US ASN=AS14061 digitalocean llc 2026-05-11
IPv4 91.92.242.30 CC=BG ASN=ASNone 2026-05-11
IPv4 94.228.161.88 CC=RU ASN=AS48467 pronet llc 2026-05-11
FileHash-MD5 397405106d895815a9bef8d84445af5a MD5 of d5dffba463beae207aee339f88a18cfcd2ea2cd3e36e98d27297d819a1809846 2026-05-11
FileHash-MD5 6c98b26c585eb06e969c52dad708a227 MD5 of 0c4a9d3579485eaf8801e5ac479cd322ee1e7161b54cc24689b891fa82ba0f1e 2026-05-11
FileHash-MD5 814d37f89ce49383a2022b9dcca637aa MD5 of 605096b9729bd8eedab460dbd4baf702029fb59842020a27fc0f99fd2ef63040 2026-05-11
FileHash-MD5 84091c94dc9ac56fdf363f55d7ae113a MD5 of 4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a 2026-05-11
FileHash-MD5 b7a76b82c2a5e16a3c346cc6aa145556 MD5 of fd67063ffb0bcde44dca5fea09cc0913150161d7cb13cffc2a001a0894f12690 2026-05-11
FileHash-MD5 e102797eb4225a93eaeeaa6b9979716a MD5 of 787a28aff72f2ecd2f5e75baf284e61bda9ab8dd3905822c6f620cce809952e8 2026-05-11
FileHash-MD5 ecb3e753b60cc0f3d7de50fe7f133e49 MD5 of 4fcfcb83145223cca6db85e7c840876ec8a56d78efba856ab70287b0e5c8a696 2026-05-11
FileHash-MD5 f01e96a80f92c414dd824aef5a1ac1e7 MD5 of 6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180 2026-05-11
FileHash-MD5 f9a25264ecf9013d2639875ce7f314cb MD5 of 40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378 2026-05-11
FileHash-SHA1 016616281fbdd9f712cf41323b9df9b803904cdc SHA1 of 0c4a9d3579485eaf8801e5ac479cd322ee1e7161b54cc24689b891fa82ba0f1e 2026-05-11
FileHash-SHA1 165469afc2f864cffb6906cf490a4db4aa0a06ec SHA1 of 40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378 2026-05-11
FileHash-SHA1 3a6a6d7f33848980ffbfba469ed3c7bf89af9a48 SHA1 of fd67063ffb0bcde44dca5fea09cc0913150161d7cb13cffc2a001a0894f12690 2026-05-11
FileHash-SHA1 927af2fee3166d75584bd9afdaaa2d43b4d21f79 SHA1 of 4fcfcb83145223cca6db85e7c840876ec8a56d78efba856ab70287b0e5c8a696 2026-05-11
FileHash-SHA1 b2a690df337d357728d58d898b7230e023b291e3 SHA1 of 787a28aff72f2ecd2f5e75baf284e61bda9ab8dd3905822c6f620cce809952e8 2026-05-11
FileHash-SHA1 ca301454527a43963b862c374c47bf65bdf4dc9e SHA1 of 6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180 2026-05-11
FileHash-SHA1 d0ecf08a01c831e4e12355d12cf7d333e3bc94c3 SHA1 of d5dffba463beae207aee339f88a18cfcd2ea2cd3e36e98d27297d819a1809846 2026-05-11
FileHash-SHA1 dfe41cbbacf5ad1b41d55bc4b49f9c3c86758d46 SHA1 of 4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a 2026-05-11
FileHash-SHA1 eb44914a6a8e2b603d4c73ca7855da52cb8fc93c SHA1 of 605096b9729bd8eedab460dbd4baf702029fb59842020a27fc0f99fd2ef63040 2026-05-11
FileHash-SHA256 0c4a9d3579485eaf8801e5ac479cd322ee1e7161b54cc24689b891fa82ba0f1e 2026-05-11
FileHash-SHA256 1478ccc61b69cee462ea98621ba53adf2de0ce28355c5c4eafaed6d779c8acda 2026-05-11
FileHash-SHA256 4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a 2026-05-11
FileHash-SHA256 40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378 2026-05-11
FileHash-SHA256 4fcfcb83145223cca6db85e7c840876ec8a56d78efba856ab70287b0e5c8a696 2026-05-11
FileHash-SHA256 605096b9729bd8eedab460dbd4baf702029fb59842020a27fc0f99fd2ef63040 2026-05-11
FileHash-SHA256 6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180 2026-05-11
FileHash-SHA256 787a28aff72f2ecd2f5e75baf284e61bda9ab8dd3905822c6f620cce809952e8 2026-05-11
FileHash-SHA256 d5dffba463beae207aee339f88a18cfcd2ea2cd3e36e98d27297d819a1809846 2026-05-11
FileHash-SHA256 f03736fadffcb7bef122d25d6ace8044378d4fa455f7f48081a3b32c80eb4ed2 2026-05-11
FileHash-SHA256 f554b6f34fd2710929d74af550ddb50633d36eaf0533f2d0cbbde75670676486 2026-05-11
FileHash-SHA256 fd67063ffb0bcde44dca5fea09cc0913150161d7cb13cffc2a001a0894f12690 2026-05-11
IPv4 147.45.197.92 CC=RU ASN=AS2895 ooo freenet group 2026-05-11
IPv4 193.202.84.14 CC=US ASN=AS174 cogent communications 2026-05-11
IPv4 86.54.42.72 CC=GB ASN=AS206509 kcom group limited 2026-05-11
URL http://193.202.84.14:56001 2026-05-11
URL http://hkdk.events/djbk1i9hp0sqoh 2026-05-11
URL http://mikolirentryifosttry.info/api/check/ 2026-05-11
domain hkdk.events 2026-05-11
domain jollymccalister.lol 2026-05-11
domain loclx.io 2026-05-11
domain mikolirentryifosttry.info 2026-05-11
domain openclaw-installer.com 2026-05-11
domain reducer.rs 2026-05-11
domain rubensbruno.adv.br 2026-05-11
domain serverconect.cc 2026-05-11
domain steamhostserver.cc 2026-05-11
domain transcloud.cc 2026-05-11
domain zkevopenanu.cfd 2026-05-11
hostname frr.rubensbruno.adv.br 2026-05-11
hostname hwd.hidayahnetwork.com 2026-05-11