PULSE NAME
IOC - Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
WHITE celestre 2026-05-20 Modified: 2026-05-20
166 IOCs
HIGH VOLUME
Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender’s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake “Claude Code” Google ads.
Indicators of Compromise (28 / 166 total)