IOC - Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
WHITE celestre 2026-05-20 Modified: 2026-05-20
166 IOCs (HIGH VOLUME)
Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender’s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake “Claude Code” Google ads.
Indicators of Compromise (31 / 166 total)