← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
SL-ADV-2026-WP-001 - JS Malware v5 characteristics
WHITE dispensight 2026-05-21 Modified: 2026-05-21
15
IOCs
MEDIUM VOLUME
Deep static analysis of V5 hybrid loader via two-pass deobfuscation (robust: 625,373 bytes; aggressive: 660,803 bytes). All findings below are confirmed from deobfuscated output. See comments for the detailed description.
AS202412obfuscator.ioevasionanti-analysisclickfixgeo-targetedMalware as a Service
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
NodeJS obfuscator.io SL-WP-001v5
Indicators of Compromise (15)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 6761e404983215856e35484ca40c1f35 2026-05-21
FileHash-MD5 9e550c2ffacf56c204537f61e59b2900 2026-05-21
FileHash-SHA1 98a5f1d29347c554c19dc674c3e14ffead4bcedf 2026-05-21
FileHash-SHA256 07c50dd40d95472c9150c7318c2f1432366c98bb6297c18b2fff12c3eb204022 2026-05-21
FileHash-SHA256 54e0228f8203bd4ecdbb0fbdf1152ad17dda096bf34f09dc678b5cf5377e8fef 2026-05-21
FileHash-SHA256 6ddf9b469ba92aa311eed77a67cc7c278d157182c13e9acc9b1859555d966051 2026-05-21
FileHash-SHA256 efb5d7fe93abac8be1cd5720e88ac80d8d002884de1cecc104f5f8734b03a7da 2026-05-21
URL https://secureleaf.dispensight.com/advisories/SL-ADV-2026-WP-001 2026-05-21
domain dnsnewtds.shop 2026-05-21
domain dntds.shop 2026-05-21
domain ntdnewtds.shop 2026-05-21
domain sdntds.shop 2026-05-21
URL https://dntds.shop/jsrepo 2026-05-21
URL http://sdntds.shop/teamrepo 2026-05-21
URL https://www.sdntds.shop/ 2026-05-21
References (2)
↗ SL-ADV-2026-WP-001-V5-DEEP_STIX2.1.json ↗ https://secureleaf.dispensight.com/SL-ADV-2026-WP-001_malware_report.html