Pulse Detail — Threat Intelligence

PULSE NAME

IOC - UAT-8302 and its box full of malware

WHITE UAT-8302 celestre 2026-05-12 Modified: 2026-05-12

IOCs

MEDIUM VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1053.005 T1003 T1069 T1071.004 T1087.002 T1087.001 T1135 T1190 T1055 T1090 T1482 T1083 T1059.001 T1078 T1027 T1570 T1071.001 T1018 T1574.002 T1105

MALWARE FAMILIES

NetDraft FringePorch CloudSorcerer VSHELL SNOWLIGHT SNOWRUST DeedRAT SNAPPYBEE ZingDoor Draculoader FinalDraft SquidDoor NosyDoor

Indicators of Compromise (50)

All IPv4 CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
IPv4	103.27.108.55	—	2026-05-12
CVE	CVE-2025-0994	—	2026-05-12
CVE	CVE-2025-20333	—	2026-05-12
CVE	CVE-2025-20362	—	2026-05-12
FileHash-MD5	111e8abb4b8592172d597926f47f018c	—	2026-05-12
FileHash-MD5	3d00e34594dbaba266f301ca37246e06	—	2026-05-12
FileHash-MD5	4c71357de3c0b12094693ca6eff94cad	—	2026-05-12
FileHash-MD5	99911fce9e0d697c99421b81e8fe2a04	—	2026-05-12
FileHash-MD5	efc71bd23572eec985a6d1bbf61308fd	—	2026-05-12
FileHash-MD5	f694401d8e80bb0f672b1b30fd7b153a	—	2026-05-12
FileHash-SHA1	3ddd90b99ee7ac3ec39e1d22b67c257d273a0970	—	2026-05-12
FileHash-SHA1	738d4398e7d11427051093ba8a6f37e51470795c	—	2026-05-12
FileHash-SHA1	7b6e094d98eb3f695e5856db4d8d22e11898cec9	—	2026-05-12
FileHash-SHA1	a1c3520282c81afabdefa4834b96563edf95c3c7	—	2026-05-12
FileHash-SHA1	c46bac27b5ca151afabd22c5546f78ae2ae3a20d	—	2026-05-12
FileHash-SHA1	f1551d3e5d144eef4e70a29dd3dc52fb22459d1f	—	2026-05-12
FileHash-SHA256	071e662fc5bc0e54bcfd49493467062570d0307dc46f0fb51a68239d281427c6	—	2026-05-12
FileHash-SHA256	1139b39d3cc151ddd3d574617cf113608127850197e9695fef0b6d78df82d6ca	—	2026-05-12
FileHash-SHA256	199bd156c81b2ef4fb259467a20eacaa9d861eeb2002f1570727c2f9ff1d5dab	—	2026-05-12
FileHash-SHA256	1bb59491f7289b94ab0130d7065d74d2459a802a7550ebf8cd0828f0a09c4d38	—	2026-05-12
FileHash-SHA256	2b627f6afe1364a7d0d832ccba87ef33a8a39f30a70a5f395e2a3cb0e2161cb3	—	2026-05-12
FileHash-SHA256	343105919aa6df8a75ecb8b06b74f23a7d3e221fca56c67b728c50ea141314bc	—	2026-05-12
FileHash-SHA256	35b2a5260b21ddb145486771ec2b1e4dc1f5b7f2275309e139e4abc1da0c614b	—	2026-05-12
FileHash-SHA256	3dec6703b2cbc6157eb67e80061d27f9190c8301c9dd60eb0be1e8b096482d7e	—	2026-05-12
FileHash-SHA256	4109f15056414f25140c7027092953264944664480dd53f086acb8e07d9fccab	—	2026-05-12
FileHash-SHA256	45cd169bf9cd7298d972425ad0d4e98512f29de4560a155101ab7427e4f4123f	—	2026-05-12
FileHash-SHA256	51f0cf80a56f322892eed3b9f5ecae45f1431323600edbaea5cd1f28b437f6f2	—	2026-05-12
FileHash-SHA256	7c593ca40725765a0747cc3100b43a29b88ad1708ef77e915ab02686c0153001	—	2026-05-12
FileHash-SHA256	7d9c70fc36143eb33583c30430dcb40cf9d306067594cc30ffd113063acd6292	—	2026-05-12
FileHash-SHA256	843f8aea7842126e906cadbad8d81fa456c184fb5372c6946978a4fe115edb1c	—	2026-05-12
FileHash-SHA256	9f115e9b32111e4dc29343a2671ab10a2b38448657b24107766dc14ce528fceb	—	2026-05-12
FileHash-SHA256	b19bfca2fc3fdabf0d0551c2e66be895e49f92aedac56654b1b0f51ec66e7404	—	2026-05-12
FileHash-SHA256	e74098b17d5d95e0014cf9c7f41f2a4e4be8baefc2b0eb42d39ae05a95b08ea5	—	2026-05-12
FileHash-SHA256	ee56c49f42522637f401d15ac2a2b6f3423bfb2d5d37d071f0172ce9dc688d4b	—	2026-05-12
FileHash-SHA256	f859a67ceebc52f0770a222b85a5002195089ee442eac4bea761c29be994e2ea	—	2026-05-12
FileHash-SHA256	fb6cebadd49d202c8c7b5cdd641bd16aac8258429e8face365a94bd32e253b00	—	2026-05-12
IPv4	156.238.224.82	—	2026-05-12
IPv4	185.238.189.41	—	2026-05-12
IPv4	38.54.32.244	—	2026-05-12
IPv4	45.135.135.100	—	2026-05-12
IPv4	45.140.168.62	—	2026-05-12
IPv4	85.209.156.3	—	2026-05-12
IPv4	88.151.195.133	—	2026-05-12
URL	http://msiidentity.com/pw	—	2026-05-12
URL	http://trafficmanagerupdate.com/index.php	—	2026-05-12
URL	http://www.drivelivelime.com/pw	—	2026-05-12
URL	http://www.drivelivelime.com/x	—	2026-05-12
domain	msiidentity.com	—	2026-05-12
domain	trafficmanagerupdate.com	—	2026-05-12
hostname	www.drivelivelime.com	—	2026-05-12

References (1)

↗ https://blog.talosintelligence.com/uat-8302/