← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Infostealer Campaign Using Trading App as Lure
WHITE Kimsuky Tr1sa111 2026-05-24 Modified: 2026-05-24
17
IOCs
MEDIUM VOLUME
infostealercryptocurrencytrading app lureGitLab exfiltrationMoonPeakXenoRATcode signing abuseDPRK-nexus
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
MoonPeak XenoRAT
Indicators of Compromise (17)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 f10d35fedb6aa986cef4c113edfdef26 2026-05-24
FileHash-SHA1 ed02996ba97457166406d1d3230ef177fec67913 2026-05-24
FileHash-SHA256 384255ba8bea8997dce5a6a9c4b4352279343000821128342e6960dbcc14bbe0 2026-05-24
FileHash-SHA256 3c356065e32ac8cbc6ec330581c7c343bf2d5567695f3a015a0ae95908a7ed6b 2026-05-24
FileHash-SHA256 528b004407d32bbc6299540a7a9fd98a3037070d34b56f14813aaaa29820b13d 2026-05-24
FileHash-SHA256 eaba341f94e700ff470e7a8fb3fe596f601ff54a8415103fa102520ec4bbd5e9 2026-05-24
domain endava.online 2026-05-24
domain talert.online 2026-05-24
domain talert.site 2026-05-24
domain talert.space 2026-05-24
domain talert.store 2026-05-24
domain tralert.online 2026-05-24
domain tralert.site 2026-05-24
domain tralert.store 2026-05-24
domain tralert7.com 2026-05-24
domain trumpalert.store 2026-05-24
domain why-db-sometimes-fails.md 2026-05-24
References (1)
↗ https://hybrid-analysis.blogspot.com/2026/05/velvet-chollima-infostealer-campaign.html?m=1