Pulse: IOC - Microsoft's MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
WHITE | celestre | Created: 2026-05-20 | Modified: 2026-05-20 | 166 IOCs
Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender’s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake “Claude Code” Google ads.
Indicators of Compromise (166)