PULSE NAME
SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
WHITE Tr1sa111 2026-05-24 Modified: 2026-05-24
Indicators of Compromise (54)