← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
WHITE celestre 2026-05-20 Modified: 2026-05-20
166
IOCs
HIGH VOLUME
Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender’s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake “Claude Code” Google ads.
lummastealerurl emmenhtalip purplefoxdomain newurl htaindicator typeip iploader httpsinitial htaclickfixpowershell
Indicators of Compromise (1 / 166 total)
All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 65100e3e23406a9f92880e202e4b006fd39f33d6 SHA1 of aa845a8fb4ab38aebe6a16a2a8f80ca4467ac0991d3eef4d8a10bdf97dedb1e9 2026-05-20
References (1)
↗ https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows