Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Severity: mediumType: malware

A malware campaign utilizing malvertising has been distributing PS1Bot, a sophisticated multi-stage framework implemented in PowerShell and C#. PS1Bot features modular design, enabling information theft, keylogging, reconnaissance, and persistent system access. The malware minimizes artifacts and uses in-memory execution techniques for stealth. Active since early 2025, PS1Bot's information stealer targets cryptocurrency wallets and employs wordlists to identify files containing passwords and seed phrases. The campaign overlaps with previously reported Skitnet activities and uses similar C2 infrastructure. Delivery involves compressed archives with obfuscated scripts, leading to PowerShell modules for antivirus detection, screen capture, data theft, keylogging, and system information collection. Persistence is established through startup directory manipulation.

AI Analysis

Technical Summary

The PS1Bot malware campaign represents a sophisticated multi-stage threat primarily distributed via malvertising, leveraging deceptive online advertisements to infect victims. PS1Bot is implemented using PowerShell and C#, featuring a modular architecture that allows attackers to deploy various payloads tailored for information theft, keylogging, reconnaissance, and establishing persistent access on compromised systems. The malware employs advanced stealth techniques, including in-memory execution to avoid detection by traditional antivirus solutions and minimize forensic artifacts. The infection chain typically begins with compressed archives containing obfuscated scripts that execute PowerShell modules. These modules perform a range of malicious activities such as antivirus evasion, screen capturing, data exfiltration, keylogging, and system information gathering. Notably, PS1Bot targets cryptocurrency wallets by scanning files with wordlists to locate passwords and seed phrases, indicating a focus on financial theft. Persistence is maintained by manipulating the startup directory, ensuring the malware executes upon system reboot. The campaign has been active since early 2025 and shares infrastructure and tactics with the previously reported Skitnet malware group, suggesting a possible link or evolution. The use of malvertising as a delivery vector increases the attack surface, as it can reach a broad and diverse user base through compromised or malicious advertising networks. The modular design and use of PowerShell and C# enable rapid adaptation and deployment of new capabilities, making PS1Bot a versatile and persistent threat.

Potential Impact

For European organizations, PS1Bot poses significant risks, particularly to entities involved in cryptocurrency transactions, financial services, and sectors with high-value intellectual property or sensitive data. The malware's ability to steal credentials, capture keystrokes, and exfiltrate system information can lead to financial losses, data breaches, and operational disruptions. The stealthy nature of PS1Bot complicates detection and incident response, potentially allowing prolonged unauthorized access and data compromise. Organizations with remote or hybrid work models may be more vulnerable due to increased exposure to malvertising through web browsing on less controlled endpoints. Additionally, the targeting of cryptocurrency wallets aligns with the growing adoption of digital assets in Europe, increasing the potential financial impact. The campaign's use of startup directory persistence and in-memory execution techniques challenges traditional endpoint security measures, necessitating advanced detection capabilities. Furthermore, the overlap with Skitnet infrastructure suggests a persistent threat actor with evolving tactics, increasing the likelihood of continued or expanded attacks targeting European networks.

Mitigation Recommendations

European organizations should implement a multi-layered defense strategy tailored to the specific characteristics of PS1Bot. Key recommendations include: 1) Enhance web filtering and ad-blocking solutions to reduce exposure to malvertising, including the use of DNS filtering and browser security extensions that block malicious ads and scripts. 2) Deploy endpoint detection and response (EDR) tools capable of monitoring PowerShell activity and detecting in-memory execution patterns indicative of PS1Bot modules. 3) Implement strict application control policies to limit execution of unauthorized scripts and binaries, especially those launched from compressed archives or temporary directories. 4) Conduct regular threat hunting focused on indicators of persistence such as suspicious startup directory modifications and anomalous PowerShell commands. 5) Educate users on the risks of malvertising and encourage cautious behavior when interacting with online advertisements and downloading files from untrusted sources. 6) Secure cryptocurrency wallets using hardware wallets or multi-factor authentication to mitigate credential theft risks. 7) Maintain up-to-date threat intelligence feeds and integrate them into security operations to identify and respond to emerging PS1Bot indicators. 8) Employ network segmentation and strict egress filtering to limit data exfiltration pathways. These measures, combined with continuous monitoring and incident response preparedness, will reduce the likelihood and impact of PS1Bot infections.

Affected Countries

Germany, United Kingdom, France, Netherlands, Sweden, Switzerland, Estonia

Indicators of Compromise

ip: 181.174.164.117
ip: 181.174.164.12
ip: 181.174.164.161
ip: 181.174.164.170
ip: 181.174.164.180
ip: 181.174.164.2
ip: 181.174.164.201
ip: 181.174.164.238
ip: 181.174.164.47
ip: 213.176.113.168
hash: 1331e12e59aa729531fbfd44ae73fa3d
hash: 18f50c834765bd783de82ff0675a780e
hash: 6dc093e7f5c0986d371b1e22c97d2cab
hash: 7b20f4d5ab79cd5885535954a0110e24
hash: 87165a7e0f2c639ea1c0ceb2e9f7ec35
hash: c33c0ccbda3c3a3b6ddc99f56a0aa405
hash: 17118d0d57653fca7b87eb369151702828ae72ad
hash: 42f7ef7388f1e6214ad6c359b4b8d4c7437f9241
hash: 4f7d098807be470637cb6926fff5ee0751d8b810
hash: b4f8874ba735b15a1ca69a4c12d257d20d8a465c
hash: d50a55e361b8584c3b57e741edc8f924753e0d1a
hash: f6c23281f2948f2efde3e307b32606dc25deb787
hash: 01a94f7403e9e8cbe1cab08c4a1730e79e129d4c24193100292f69ed0d1979a9
hash: 048b2bafb871b586e895a0749ca74a6ebf47d1901b35730097c7a981d868772e
hash: 04b6a4c58ff8db639125a8277e7a3e8fb00100dd88f299896e24ac0fca928460
hash: 05d79a474dfe20fbb433806e215d78b31cf8574cd955588fb15cadbf720bf3c7
hash: 07b8120b557816182ea185e9d20b61445601c20c874761c41c4ab9a12d596886
hash: 0e415f71530b9d65e9804d8bc3fb12f53d26e6c27919db32c8a2924e437ecaa7
hash: 107afca60912befade2b9867167135da0a8658e6eb515330b064a9db73a562ac
hash: 14371c2993a31cdf39a8747a589e1eff365b7711a1d9fdfbc8b5273f397aa29e
hash: 190f954bcca561f829b56b6e3dfce7a0d9206eab6628ee55a04d0c2c4a45c83a
hash: 1b3e8dc1f493b8e9bd8cbe1aa948acef8e6aac41f480bff76075327dbe66652b
hash: 1c0f9d45e5fd0858eed93c36d9fb2ed8fd30a3fc9f0a58c1fa5c38bc32a9cf07
hash: 1e437075ff88f4ab33447a14683a9304dcb0bdb6cc52f2cff065f404a949e3fb
hash: 1e63e374ec0b11f361a1b051e4d123e3a2a10404ba81cfff912cbd4c96187297
hash: 1fe0138168469fb6d3f0f07f848499057d8990879d7ae2cddcd9345faa335dc7
hash: 21a56e1b10037c794a7eac52d71b063b76b0ff2e92af507d2f8d9f87402b721c
hash: 244e511e0699fe0b6722244dbe66026597bdf5b4369c9c66f846a3f49b438341
hash: 253ed51910d7835eafb1a21814f45520809ee6420c0a882b1c2d64487542652a
hash: 2616e7157017331e10f932ae45bccdde091c724aca5496b069b17fd42f952a4b
hash: 291700be999ed8d361e9418a3375353c384999afc42271affa7ecc395f137fc0
hash: 330a579ba3bb727a8c98079d127d6341c2ae8321f164c0b2050ed7d1dee4b588
hash: 33621b2d12a898e4a78b7e5e1dc59506a9fe3b0fb4fe2ff33c32795ea5b312a6
hash: 34804cb36531f1871c0a51e5163bfd639b97c7fe4d1604295c326e08e1afadd9
hash: 368b1fb562d913222a06b6c4ec5c9aa060b1c223a8acbfd747167c75856b16b0
hash: 36c3affc545476d2c5db29fcf9129849706ae41bd54894b7eb5dfe8c6b670b4b
hash: 3f97a1c386e14a44e7eb259858adec0bb1546fe59d3199595cb6c3d4d1988470
hash: 411f6444889d5bdba73cf7735f29a8fa971f80cb9d0464c8475d304bf22e94d5
hash: 41c8b2709640428746aca1e842d99db237a91f9cf948396303c8b73e90b785a0
hash: 42fe9d401dd68ddfde23e89a7a4c08125dc0aa121cdfe930589798a92b4262cf
hash: 453b93029be22447b4bf2925991f72a1b063c753c85e230e44ee1ab382b338ea
hash: 45ba535ccd969263b74ddc571efe3ae023fba2b9567ac272967f92e799c7f83c
hash: 48eb1c7586732005ab6da8644e550c7aa75fa382d1cc27e82ed43ca953604078
hash: 49f323dbe82ec8452b8e205bc7aa0925bc9f48f2b4ebf66e3c54a9e3b08d5be5
hash: 4dbd1bf6a07b97cb14cd4e2d78d09bc3561f225b64f99dc40774959e6bd9de21
hash: 58b4d06da885b9e373516b560d4e8ea87a7281f19bebf547100950e41511d67e
hash: 5980798820124788c99dbbfa6da0e3a1b8bd5e8f18804a2a0bee6d0bc119c685
hash: 5afbfd477f803d1b0de651c1a16ffb7c698ba4033258276b8e19bfa749b3ffb5
hash: 5bba8e7b6f31b3bdd2db9562b327e5e464867aeb436c268957ecee9690db181d
hash: 5c569c68ec4085607b7c23854105a9255dd4290c8ed43f1d95141f77db4e4781
hash: 5c983b71d035b05aba30778804bd6a2db6a9e00b1e186083813cf6ae513f89f6
hash: 64c6bfb31a340464a99acb4c51680070e470ca649ff29f5db26954bf13963b26
hash: 6669f4a455f5c71667f5f8b0e0d627f1398e15112e08277205a883487c189603
hash: 6bf52b79adbd2b79118700810b8437e2ec2e5e19d599e4e068c8f6f0d76ffc1a
hash: 705b51c3ccd0bd375a65fa1e80acfef80709b50b2a7d54b487309f49e9a92f11
hash: 70da9f738fcc760986e0ed4f76f84800d3a038f672c64683a1d5323043da76e9
hash: 7270dfd6bd579283f4f2cb5654de644491d29812109ae51a71886241cb824395
hash: 7377c7e3daa3c0d3cfd941c6cb0e27271dd2acbc0737c472b609861b0bf44a5f
hash: 76e60c2bad2d4ff20845dc9b4fc969fda6be34531ead2e53568b917fc815ae36
hash: 780ea1c97bbfe745628415aa0049c9febfcf56857a3482e910289ff229e6b7f5
hash: 7abafcb21b1f7fd4c07b54c3ca99912caaacfc0e8e7330631d62247faede6ada
hash: 7b89423831873906aa3f28507d1adbcca92b37dbb8a9be4f2d753ebc31467f33
hash: 7c5f964dda057e8f5bc7f81204bfb3f607191e7250cc60eb0c0fd69ee83f62c2
hash: 809f4ffef71ab43d692d4fececf1dfefffb0854ae1f15486960b1c198c47c69f
hash: 84147b1bd16218d165b5fc6b72040a69f10fdc9c654ca056e997cec18638b4ff
hash: 87d493b325177b038f068819b9efbdaf7596e252cc0cdc421b831226e9e20500
hash: 89b0f2496b6200d93e1734bf586bcf67473e0437a3301403e6708f58ade9cbe6
hash: 8a1b2bee78a30f2f119a37a0e024b47fb21572f6f7e02444302889fc1bd75686
hash: 8e7241ba98618ccb4ca015f3673704a8df9cd8de5aa2e8a287e565479755567b
hash: 90588fa7721cc3a381ec2353299beeb9918766ee38cfbf95bac45e15ef84d81c
hash: 90a81e6dd69c7f01bbd6bf74e259a1374bfe362bd23445532cf8d044b9739f8b
hash: 9304ff7136c030896973b0192c3ff02d47daaae9aa04db80a980df5c8eaffd91
hash: 943964e8eec89f1b8cb16c0cb813e0253529f47b60b2ecdef5afb4b0abd0d511
hash: 94a7a0ad7ba79bccbdbfd542269b20fae67df35e05537106e91aed6f2553d088
hash: 9a5685effadb8c63cea8b14115402ad3cfe721984b68726f8afd4f4b38e00a8b
hash: 9b3a0f109f96dbc74f65cf464cdc92760c1aaec1cda55d5bf39e6359bebbfedf
hash: 9cc1657fa9f056a7b34009c71d376f9af41e3b2505e0e3ecca536c806c5eeda4
hash: a2cca39a4bcd12b6213334d7bc7cfced07636d24a760b7a8e39f05b85bf86caf
hash: a3730e2dbcaf2bd3dea2c57c945175480577fe00ed5ece7a16f53fc2b2a36869
hash: a8020170bc2d83cc7cdf86e1b729a8874d287d1c5ba4d9515bf45b04a1558b7a
hash: a8cd019b2e762ac277a282eac9dc4507ab1fd81d47b37d0d404469a95f0be4a3
hash: abfb7c3c3ea828bf85874c596cac17770668abb28734cbeec67dc8c958afd340
hash: af339fc0bc2ac4f7618021c9560586164d55c8aa5fa1d1ac740e30739c0ff425
hash: b3c7b3bf625fdce478c0e5def4ab43f8d9e427dfacac7d37f143b3aae0050118
hash: b432adc819e6b5b65004956929dc843cf4cee3ff6dc54687d50268d36ba6a81f
hash: b5a97bc726b26c05d76eb6c51505d1e3fe18eeb7177e2be25854e6d84bda7a02
hash: b5e59c233b825cceaf03b8e902ebdc4d608a3c3d0ee35a092ef8c17fcb48e6f7
hash: b6fb6849c14dddef78c58c62878d3c67f85f81c663a3614992eda616cf36f25c
hash: b82710fc1422c5d94c68999e4fa9f90bf49ec7927636eb12be5933ef0690f354
hash: b9866a44469d7855d114ddfc1b9bdad347ddec6dfcd5c4878367580e40be87df
hash: b9caa844b3d72842f37a57dffc25df3fe1f6083f93295c2fbed0b0281c2652c3
hash: b9f5dc18641151bf70bab31f2acd3409bc149ca8ff9fcb4edd8e20c0311157bd
hash: ba3aed3af58569b8bf6bafbd360aa73bc777e81ee2783b7b0dcb956ea6b82df0
hash: bccd81dc5e2c8eafbf8062561b40f77d63c9f498bd20723d9cd68e1526171b79
hash: c025ff463278744795798abc7ed404f38cf167a447cbd4c0fde7f9a4b2dd0ccc
hash: c09dffd32f233b9d65fe73432cfa29c1de9ea56cfd2f42b985f5e0cccfc0aa4f
hash: c1c5e249919865658403854397a6b62593ee6ab99f4a20ea8ae1e03f1fac5e71
hash: c2a0e65177b941424183f97329fa78bd28696aa928e3a26b7a58088e44e3e4f6
hash: c35ec5aea53b2591e7ee8cf89da86c7a44ca1f333b206c8f33b078c8ddbe4fa9
hash: c52f4f652442ff142c00989e919f43387fb4779964fadc458ec80886727e55be
hash: c64a9e869ad8b210338e462db7bbb9de8c1288a9de3cecc9437666d75821429c
hash: c75d16ef197ddc7241abc712ccb7981ca7817f5761f9f8f986fd8b9fb7036256
hash: ca4e3ab9ea7b85ba81e0141fee19c67d91832155a11c0b378e58749010ff243b
hash: cab6a14f345a6a8404160825d91240ba24c6dccaca6b90da096f05406fcb4935
hash: cd58d6d9065c112293f15ae8bbd2002e88f258e8bee38297903d1ca9025d05a6
hash: cd875cd6c18697b401e0ed103e1d9a5f2d047ec22fa2b772fe3c4dfec6952151
hash: d0141a341f816d3493919524be6e025ccbb04f114a7789d982d35b40b0f7ba63
hash: d2a9a3fdf016e9f0f32671d2dfdfe5fa6f66541822d6c0278ccf8ce9eba94db8
hash: dab22465284356186a3de1ea470f2721e0ac18a84a072ae7dd83f06ca3efb25b
hash: de5022893af502a25ae5f37cfa80783df798d578bb5d69facfd631055cd0f2b5
hash: e3c943ad9ff6a43c88b7d977f207b85c8c2cfd0c69d582e748cf58419d5bc188
hash: e899206a07b322cb69f659a112fd508911bd92be40cfcef4773fcf8b43ce93f9
hash: e95d9c7b29714bb4c880c3417707b2f3da9ad52f65bcf288baa27dd2c8a54c9a
hash: ec513db1dcd045444fb7282f382786d91ed3357d254797afacec8b7bab1f5070
hash: ecb7133e5c2338a74f1f9e836edcb9218a82dcfc83c85cec8f49903246783e48
hash: ee2385867241917960d21cc66b9c58aab8a62d2b203f725458771b3ee7794c80
hash: ee726c64a82244cb65a6a0a768e5fe7032cb5d0897296418ce91f3b561726586
hash: ef9456ada1d93e7cfc1750be1afd68807d532b6e893edd5ad79f016affd29dd0
hash: f010ec8d2ab7b702870ee029aec16c0fdfe64a40f872f36dcb94ae7bc62a4638
hash: f1414ace7527119aa69ea6c18de4d3ae073a306c9c3d63cd1d279059a5077bc4
hash: f41538620ce33c25984032ddcfa339bd1e0dd6b4e7c97688dd7bebb310837716
hash: f5d72181c6b7b8054244a40e6ade96fbb2d6968a132fddee082846b8ca4dc102
hash: f74fac3e5f7ebb092668dc16a9542799ccacc55412cfc6750d0f100b44eef898
hash: f966b7fa2ad4efc87cebb2fe2ac1fcbb21ef22b945dbd44aea9706791537b671
hash: f9a2c3d1b3244b0f38601e26f36d46b8d93b7b3df5e6fd1703e7c5afed8375b9
hash: fab53f1bceaeedb7f84a031346a0ef840328cd28aeb984e34f2434a9d3475237
hash: fdb7373fdcdb59b744e5b4e8369a2ba1c210449aa63dccde3f3546c790701804
hash: ff2933aa3eb4b43ad93e798feec1d3699ce7b75497ed893942e742b3d2514b67
ip: 109.120.179.170
ip: 131.174.164.238
ip: 147.45.45.168
ip: 5.252.153.94
ip: 62.60.178.24
ip: 77.110.116.227

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, United Kingdom, France, Netherlands, Sweden, Switzerland, Estonia

Indicators of Compromise

ip: 181.174.164.117
ip: 181.174.164.12
ip: 181.174.164.161
ip: 181.174.164.170
ip: 181.174.164.180
ip: 181.174.164.2
ip: 181.174.164.201
ip: 181.174.164.238
ip: 181.174.164.47
ip: 213.176.113.168
hash: 1331e12e59aa729531fbfd44ae73fa3d
hash: 18f50c834765bd783de82ff0675a780e
hash: 6dc093e7f5c0986d371b1e22c97d2cab
hash: 7b20f4d5ab79cd5885535954a0110e24
hash: 87165a7e0f2c639ea1c0ceb2e9f7ec35
hash: c33c0ccbda3c3a3b6ddc99f56a0aa405
hash: 17118d0d57653fca7b87eb369151702828ae72ad
hash: 42f7ef7388f1e6214ad6c359b4b8d4c7437f9241
hash: 4f7d098807be470637cb6926fff5ee0751d8b810
hash: b4f8874ba735b15a1ca69a4c12d257d20d8a465c
hash: d50a55e361b8584c3b57e741edc8f924753e0d1a
hash: f6c23281f2948f2efde3e307b32606dc25deb787
hash: 01a94f7403e9e8cbe1cab08c4a1730e79e129d4c24193100292f69ed0d1979a9
hash: 048b2bafb871b586e895a0749ca74a6ebf47d1901b35730097c7a981d868772e
hash: 04b6a4c58ff8db639125a8277e7a3e8fb00100dd88f299896e24ac0fca928460
hash: 05d79a474dfe20fbb433806e215d78b31cf8574cd955588fb15cadbf720bf3c7
hash: 07b8120b557816182ea185e9d20b61445601c20c874761c41c4ab9a12d596886
hash: 0e415f71530b9d65e9804d8bc3fb12f53d26e6c27919db32c8a2924e437ecaa7
hash: 107afca60912befade2b9867167135da0a8658e6eb515330b064a9db73a562ac
hash: 14371c2993a31cdf39a8747a589e1eff365b7711a1d9fdfbc8b5273f397aa29e
hash: 190f954bcca561f829b56b6e3dfce7a0d9206eab6628ee55a04d0c2c4a45c83a
hash: 1b3e8dc1f493b8e9bd8cbe1aa948acef8e6aac41f480bff76075327dbe66652b
hash: 1c0f9d45e5fd0858eed93c36d9fb2ed8fd30a3fc9f0a58c1fa5c38bc32a9cf07
hash: 1e437075ff88f4ab33447a14683a9304dcb0bdb6cc52f2cff065f404a949e3fb
hash: 1e63e374ec0b11f361a1b051e4d123e3a2a10404ba81cfff912cbd4c96187297
hash: 1fe0138168469fb6d3f0f07f848499057d8990879d7ae2cddcd9345faa335dc7
hash: 21a56e1b10037c794a7eac52d71b063b76b0ff2e92af507d2f8d9f87402b721c
hash: 244e511e0699fe0b6722244dbe66026597bdf5b4369c9c66f846a3f49b438341
hash: 253ed51910d7835eafb1a21814f45520809ee6420c0a882b1c2d64487542652a
hash: 2616e7157017331e10f932ae45bccdde091c724aca5496b069b17fd42f952a4b
hash: 291700be999ed8d361e9418a3375353c384999afc42271affa7ecc395f137fc0
hash: 330a579ba3bb727a8c98079d127d6341c2ae8321f164c0b2050ed7d1dee4b588
hash: 33621b2d12a898e4a78b7e5e1dc59506a9fe3b0fb4fe2ff33c32795ea5b312a6
hash: 34804cb36531f1871c0a51e5163bfd639b97c7fe4d1604295c326e08e1afadd9
hash: 368b1fb562d913222a06b6c4ec5c9aa060b1c223a8acbfd747167c75856b16b0
hash: 36c3affc545476d2c5db29fcf9129849706ae41bd54894b7eb5dfe8c6b670b4b
hash: 3f97a1c386e14a44e7eb259858adec0bb1546fe59d3199595cb6c3d4d1988470
hash: 411f6444889d5bdba73cf7735f29a8fa971f80cb9d0464c8475d304bf22e94d5
hash: 41c8b2709640428746aca1e842d99db237a91f9cf948396303c8b73e90b785a0
hash: 42fe9d401dd68ddfde23e89a7a4c08125dc0aa121cdfe930589798a92b4262cf
hash: 453b93029be22447b4bf2925991f72a1b063c753c85e230e44ee1ab382b338ea
hash: 45ba535ccd969263b74ddc571efe3ae023fba2b9567ac272967f92e799c7f83c
hash: 48eb1c7586732005ab6da8644e550c7aa75fa382d1cc27e82ed43ca953604078
hash: 49f323dbe82ec8452b8e205bc7aa0925bc9f48f2b4ebf66e3c54a9e3b08d5be5
hash: 4dbd1bf6a07b97cb14cd4e2d78d09bc3561f225b64f99dc40774959e6bd9de21
hash: 58b4d06da885b9e373516b560d4e8ea87a7281f19bebf547100950e41511d67e
hash: 5980798820124788c99dbbfa6da0e3a1b8bd5e8f18804a2a0bee6d0bc119c685
hash: 5afbfd477f803d1b0de651c1a16ffb7c698ba4033258276b8e19bfa749b3ffb5
hash: 5bba8e7b6f31b3bdd2db9562b327e5e464867aeb436c268957ecee9690db181d
hash: 5c569c68ec4085607b7c23854105a9255dd4290c8ed43f1d95141f77db4e4781
hash: 5c983b71d035b05aba30778804bd6a2db6a9e00b1e186083813cf6ae513f89f6
hash: 64c6bfb31a340464a99acb4c51680070e470ca649ff29f5db26954bf13963b26
hash: 6669f4a455f5c71667f5f8b0e0d627f1398e15112e08277205a883487c189603
hash: 6bf52b79adbd2b79118700810b8437e2ec2e5e19d599e4e068c8f6f0d76ffc1a
hash: 705b51c3ccd0bd375a65fa1e80acfef80709b50b2a7d54b487309f49e9a92f11
hash: 70da9f738fcc760986e0ed4f76f84800d3a038f672c64683a1d5323043da76e9
hash: 7270dfd6bd579283f4f2cb5654de644491d29812109ae51a71886241cb824395
hash: 7377c7e3daa3c0d3cfd941c6cb0e27271dd2acbc0737c472b609861b0bf44a5f
hash: 76e60c2bad2d4ff20845dc9b4fc969fda6be34531ead2e53568b917fc815ae36
hash: 780ea1c97bbfe745628415aa0049c9febfcf56857a3482e910289ff229e6b7f5
hash: 7abafcb21b1f7fd4c07b54c3ca99912caaacfc0e8e7330631d62247faede6ada
hash: 7b89423831873906aa3f28507d1adbcca92b37dbb8a9be4f2d753ebc31467f33
hash: 7c5f964dda057e8f5bc7f81204bfb3f607191e7250cc60eb0c0fd69ee83f62c2
hash: 809f4ffef71ab43d692d4fececf1dfefffb0854ae1f15486960b1c198c47c69f
hash: 84147b1bd16218d165b5fc6b72040a69f10fdc9c654ca056e997cec18638b4ff
hash: 87d493b325177b038f068819b9efbdaf7596e252cc0cdc421b831226e9e20500
hash: 89b0f2496b6200d93e1734bf586bcf67473e0437a3301403e6708f58ade9cbe6
hash: 8a1b2bee78a30f2f119a37a0e024b47fb21572f6f7e02444302889fc1bd75686
hash: 8e7241ba98618ccb4ca015f3673704a8df9cd8de5aa2e8a287e565479755567b
hash: 90588fa7721cc3a381ec2353299beeb9918766ee38cfbf95bac45e15ef84d81c
hash: 90a81e6dd69c7f01bbd6bf74e259a1374bfe362bd23445532cf8d044b9739f8b
hash: 9304ff7136c030896973b0192c3ff02d47daaae9aa04db80a980df5c8eaffd91
hash: 943964e8eec89f1b8cb16c0cb813e0253529f47b60b2ecdef5afb4b0abd0d511
hash: 94a7a0ad7ba79bccbdbfd542269b20fae67df35e05537106e91aed6f2553d088
hash: 9a5685effadb8c63cea8b14115402ad3cfe721984b68726f8afd4f4b38e00a8b
hash: 9b3a0f109f96dbc74f65cf464cdc92760c1aaec1cda55d5bf39e6359bebbfedf
hash: 9cc1657fa9f056a7b34009c71d376f9af41e3b2505e0e3ecca536c806c5eeda4
hash: a2cca39a4bcd12b6213334d7bc7cfced07636d24a760b7a8e39f05b85bf86caf
hash: a3730e2dbcaf2bd3dea2c57c945175480577fe00ed5ece7a16f53fc2b2a36869
hash: a8020170bc2d83cc7cdf86e1b729a8874d287d1c5ba4d9515bf45b04a1558b7a
hash: a8cd019b2e762ac277a282eac9dc4507ab1fd81d47b37d0d404469a95f0be4a3
hash: abfb7c3c3ea828bf85874c596cac17770668abb28734cbeec67dc8c958afd340
hash: af339fc0bc2ac4f7618021c9560586164d55c8aa5fa1d1ac740e30739c0ff425
hash: b3c7b3bf625fdce478c0e5def4ab43f8d9e427dfacac7d37f143b3aae0050118
hash: b432adc819e6b5b65004956929dc843cf4cee3ff6dc54687d50268d36ba6a81f
hash: b5a97bc726b26c05d76eb6c51505d1e3fe18eeb7177e2be25854e6d84bda7a02
hash: b5e59c233b825cceaf03b8e902ebdc4d608a3c3d0ee35a092ef8c17fcb48e6f7
hash: b6fb6849c14dddef78c58c62878d3c67f85f81c663a3614992eda616cf36f25c
hash: b82710fc1422c5d94c68999e4fa9f90bf49ec7927636eb12be5933ef0690f354
hash: b9866a44469d7855d114ddfc1b9bdad347ddec6dfcd5c4878367580e40be87df
hash: b9caa844b3d72842f37a57dffc25df3fe1f6083f93295c2fbed0b0281c2652c3
hash: b9f5dc18641151bf70bab31f2acd3409bc149ca8ff9fcb4edd8e20c0311157bd
hash: ba3aed3af58569b8bf6bafbd360aa73bc777e81ee2783b7b0dcb956ea6b82df0
hash: bccd81dc5e2c8eafbf8062561b40f77d63c9f498bd20723d9cd68e1526171b79
hash: c025ff463278744795798abc7ed404f38cf167a447cbd4c0fde7f9a4b2dd0ccc
hash: c09dffd32f233b9d65fe73432cfa29c1de9ea56cfd2f42b985f5e0cccfc0aa4f
hash: c1c5e249919865658403854397a6b62593ee6ab99f4a20ea8ae1e03f1fac5e71
hash: c2a0e65177b941424183f97329fa78bd28696aa928e3a26b7a58088e44e3e4f6
hash: c35ec5aea53b2591e7ee8cf89da86c7a44ca1f333b206c8f33b078c8ddbe4fa9
hash: c52f4f652442ff142c00989e919f43387fb4779964fadc458ec80886727e55be
hash: c64a9e869ad8b210338e462db7bbb9de8c1288a9de3cecc9437666d75821429c
hash: c75d16ef197ddc7241abc712ccb7981ca7817f5761f9f8f986fd8b9fb7036256
hash: ca4e3ab9ea7b85ba81e0141fee19c67d91832155a11c0b378e58749010ff243b
hash: cab6a14f345a6a8404160825d91240ba24c6dccaca6b90da096f05406fcb4935
hash: cd58d6d9065c112293f15ae8bbd2002e88f258e8bee38297903d1ca9025d05a6
hash: cd875cd6c18697b401e0ed103e1d9a5f2d047ec22fa2b772fe3c4dfec6952151
hash: d0141a341f816d3493919524be6e025ccbb04f114a7789d982d35b40b0f7ba63
hash: d2a9a3fdf016e9f0f32671d2dfdfe5fa6f66541822d6c0278ccf8ce9eba94db8
hash: dab22465284356186a3de1ea470f2721e0ac18a84a072ae7dd83f06ca3efb25b
hash: de5022893af502a25ae5f37cfa80783df798d578bb5d69facfd631055cd0f2b5
hash: e3c943ad9ff6a43c88b7d977f207b85c8c2cfd0c69d582e748cf58419d5bc188
hash: e899206a07b322cb69f659a112fd508911bd92be40cfcef4773fcf8b43ce93f9
hash: e95d9c7b29714bb4c880c3417707b2f3da9ad52f65bcf288baa27dd2c8a54c9a
hash: ec513db1dcd045444fb7282f382786d91ed3357d254797afacec8b7bab1f5070
hash: ecb7133e5c2338a74f1f9e836edcb9218a82dcfc83c85cec8f49903246783e48
hash: ee2385867241917960d21cc66b9c58aab8a62d2b203f725458771b3ee7794c80
hash: ee726c64a82244cb65a6a0a768e5fe7032cb5d0897296418ce91f3b561726586
hash: ef9456ada1d93e7cfc1750be1afd68807d532b6e893edd5ad79f016affd29dd0
hash: f010ec8d2ab7b702870ee029aec16c0fdfe64a40f872f36dcb94ae7bc62a4638
hash: f1414ace7527119aa69ea6c18de4d3ae073a306c9c3d63cd1d279059a5077bc4
hash: f41538620ce33c25984032ddcfa339bd1e0dd6b4e7c97688dd7bebb310837716
hash: f5d72181c6b7b8054244a40e6ade96fbb2d6968a132fddee082846b8ca4dc102
hash: f74fac3e5f7ebb092668dc16a9542799ccacc55412cfc6750d0f100b44eef898
hash: f966b7fa2ad4efc87cebb2fe2ac1fcbb21ef22b945dbd44aea9706791537b671
hash: f9a2c3d1b3244b0f38601e26f36d46b8d93b7b3df5e6fd1703e7c5afed8375b9
hash: fab53f1bceaeedb7f84a031346a0ef840328cd28aeb984e34f2434a9d3475237
hash: fdb7373fdcdb59b744e5b4e8369a2ba1c210449aa63dccde3f3546c790701804
hash: ff2933aa3eb4b43ad93e798feec1d3699ce7b75497ed893942e742b3d2514b67
ip: 109.120.179.170
ip: 131.174.164.238
ip: 147.45.45.168
ip: 5.252.153.94
ip: 62.60.178.24
ip: 77.110.116.227

Source: AlienVault OTX General

Published: Tue Aug 12 2025

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Medium

Published: Tue Aug 12 2025 (08/12/2025, 21:36:09 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 08/13/2025, 10:47:54 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Author: AlienVault
Tlp: white
References: ["https://blog.talosintelligence.com/ps1bot-malvertising-campaign/"]
Adversary: null
Pulse Id: 689bb3c9004eca543a36d5fc
Threat Score: null

Indicators of Compromise

Ip

Value	Description	Copy
ip181.174.164.117	—
ip181.174.164.12	—
ip181.174.164.161	—
ip181.174.164.170	—
ip181.174.164.180	—
ip181.174.164.2	—
ip181.174.164.201	—
ip181.174.164.238	—
ip181.174.164.47	—
ip213.176.113.168	—
ip109.120.179.170	—
ip131.174.164.238	—
ip147.45.45.168	—
ip5.252.153.94	—
ip62.60.178.24	—
ip77.110.116.227	—

Hash

Value	Description	Copy
hash1331e12e59aa729531fbfd44ae73fa3d	—
hash18f50c834765bd783de82ff0675a780e	—
hash6dc093e7f5c0986d371b1e22c97d2cab	—
hash7b20f4d5ab79cd5885535954a0110e24	—
hash87165a7e0f2c639ea1c0ceb2e9f7ec35	—
hashc33c0ccbda3c3a3b6ddc99f56a0aa405	—
hash17118d0d57653fca7b87eb369151702828ae72ad	—
hash42f7ef7388f1e6214ad6c359b4b8d4c7437f9241	—
hash4f7d098807be470637cb6926fff5ee0751d8b810	—
hashb4f8874ba735b15a1ca69a4c12d257d20d8a465c	—
hashd50a55e361b8584c3b57e741edc8f924753e0d1a	—
hashf6c23281f2948f2efde3e307b32606dc25deb787	—
hash01a94f7403e9e8cbe1cab08c4a1730e79e129d4c24193100292f69ed0d1979a9	—
hash048b2bafb871b586e895a0749ca74a6ebf47d1901b35730097c7a981d868772e	—
hash04b6a4c58ff8db639125a8277e7a3e8fb00100dd88f299896e24ac0fca928460	—
hash05d79a474dfe20fbb433806e215d78b31cf8574cd955588fb15cadbf720bf3c7	—
hash07b8120b557816182ea185e9d20b61445601c20c874761c41c4ab9a12d596886	—
hash0e415f71530b9d65e9804d8bc3fb12f53d26e6c27919db32c8a2924e437ecaa7	—
hash107afca60912befade2b9867167135da0a8658e6eb515330b064a9db73a562ac	—
hash14371c2993a31cdf39a8747a589e1eff365b7711a1d9fdfbc8b5273f397aa29e	—
hash190f954bcca561f829b56b6e3dfce7a0d9206eab6628ee55a04d0c2c4a45c83a	—
hash1b3e8dc1f493b8e9bd8cbe1aa948acef8e6aac41f480bff76075327dbe66652b	—
hash1c0f9d45e5fd0858eed93c36d9fb2ed8fd30a3fc9f0a58c1fa5c38bc32a9cf07	—
hash1e437075ff88f4ab33447a14683a9304dcb0bdb6cc52f2cff065f404a949e3fb	—
hash1e63e374ec0b11f361a1b051e4d123e3a2a10404ba81cfff912cbd4c96187297	—
hash1fe0138168469fb6d3f0f07f848499057d8990879d7ae2cddcd9345faa335dc7	—
hash21a56e1b10037c794a7eac52d71b063b76b0ff2e92af507d2f8d9f87402b721c	—
hash244e511e0699fe0b6722244dbe66026597bdf5b4369c9c66f846a3f49b438341	—
hash253ed51910d7835eafb1a21814f45520809ee6420c0a882b1c2d64487542652a	—
hash2616e7157017331e10f932ae45bccdde091c724aca5496b069b17fd42f952a4b	—
hash291700be999ed8d361e9418a3375353c384999afc42271affa7ecc395f137fc0	—
hash330a579ba3bb727a8c98079d127d6341c2ae8321f164c0b2050ed7d1dee4b588	—
hash33621b2d12a898e4a78b7e5e1dc59506a9fe3b0fb4fe2ff33c32795ea5b312a6	—
hash34804cb36531f1871c0a51e5163bfd639b97c7fe4d1604295c326e08e1afadd9	—
hash368b1fb562d913222a06b6c4ec5c9aa060b1c223a8acbfd747167c75856b16b0	—
hash36c3affc545476d2c5db29fcf9129849706ae41bd54894b7eb5dfe8c6b670b4b	—
hash3f97a1c386e14a44e7eb259858adec0bb1546fe59d3199595cb6c3d4d1988470	—
hash411f6444889d5bdba73cf7735f29a8fa971f80cb9d0464c8475d304bf22e94d5	—
hash41c8b2709640428746aca1e842d99db237a91f9cf948396303c8b73e90b785a0	—
hash42fe9d401dd68ddfde23e89a7a4c08125dc0aa121cdfe930589798a92b4262cf	—
hash453b93029be22447b4bf2925991f72a1b063c753c85e230e44ee1ab382b338ea	—
hash45ba535ccd969263b74ddc571efe3ae023fba2b9567ac272967f92e799c7f83c	—
hash48eb1c7586732005ab6da8644e550c7aa75fa382d1cc27e82ed43ca953604078	—
hash49f323dbe82ec8452b8e205bc7aa0925bc9f48f2b4ebf66e3c54a9e3b08d5be5	—
hash4dbd1bf6a07b97cb14cd4e2d78d09bc3561f225b64f99dc40774959e6bd9de21	—
hash58b4d06da885b9e373516b560d4e8ea87a7281f19bebf547100950e41511d67e	—
hash5980798820124788c99dbbfa6da0e3a1b8bd5e8f18804a2a0bee6d0bc119c685	—
hash5afbfd477f803d1b0de651c1a16ffb7c698ba4033258276b8e19bfa749b3ffb5	—
hash5bba8e7b6f31b3bdd2db9562b327e5e464867aeb436c268957ecee9690db181d	—
hash5c569c68ec4085607b7c23854105a9255dd4290c8ed43f1d95141f77db4e4781	—
hash5c983b71d035b05aba30778804bd6a2db6a9e00b1e186083813cf6ae513f89f6	—
hash64c6bfb31a340464a99acb4c51680070e470ca649ff29f5db26954bf13963b26	—
hash6669f4a455f5c71667f5f8b0e0d627f1398e15112e08277205a883487c189603	—
hash6bf52b79adbd2b79118700810b8437e2ec2e5e19d599e4e068c8f6f0d76ffc1a	—
hash705b51c3ccd0bd375a65fa1e80acfef80709b50b2a7d54b487309f49e9a92f11	—
hash70da9f738fcc760986e0ed4f76f84800d3a038f672c64683a1d5323043da76e9	—
hash7270dfd6bd579283f4f2cb5654de644491d29812109ae51a71886241cb824395	—
hash7377c7e3daa3c0d3cfd941c6cb0e27271dd2acbc0737c472b609861b0bf44a5f	—
hash76e60c2bad2d4ff20845dc9b4fc969fda6be34531ead2e53568b917fc815ae36	—
hash780ea1c97bbfe745628415aa0049c9febfcf56857a3482e910289ff229e6b7f5	—
hash7abafcb21b1f7fd4c07b54c3ca99912caaacfc0e8e7330631d62247faede6ada	—
hash7b89423831873906aa3f28507d1adbcca92b37dbb8a9be4f2d753ebc31467f33	—
hash7c5f964dda057e8f5bc7f81204bfb3f607191e7250cc60eb0c0fd69ee83f62c2	—
hash809f4ffef71ab43d692d4fececf1dfefffb0854ae1f15486960b1c198c47c69f	—
hash84147b1bd16218d165b5fc6b72040a69f10fdc9c654ca056e997cec18638b4ff	—
hash87d493b325177b038f068819b9efbdaf7596e252cc0cdc421b831226e9e20500	—
hash89b0f2496b6200d93e1734bf586bcf67473e0437a3301403e6708f58ade9cbe6	—
hash8a1b2bee78a30f2f119a37a0e024b47fb21572f6f7e02444302889fc1bd75686	—
hash8e7241ba98618ccb4ca015f3673704a8df9cd8de5aa2e8a287e565479755567b	—
hash90588fa7721cc3a381ec2353299beeb9918766ee38cfbf95bac45e15ef84d81c	—
hash90a81e6dd69c7f01bbd6bf74e259a1374bfe362bd23445532cf8d044b9739f8b	—
hash9304ff7136c030896973b0192c3ff02d47daaae9aa04db80a980df5c8eaffd91	—
hash943964e8eec89f1b8cb16c0cb813e0253529f47b60b2ecdef5afb4b0abd0d511	—
hash94a7a0ad7ba79bccbdbfd542269b20fae67df35e05537106e91aed6f2553d088	—
hash9a5685effadb8c63cea8b14115402ad3cfe721984b68726f8afd4f4b38e00a8b	—
hash9b3a0f109f96dbc74f65cf464cdc92760c1aaec1cda55d5bf39e6359bebbfedf	—
hash9cc1657fa9f056a7b34009c71d376f9af41e3b2505e0e3ecca536c806c5eeda4	—
hasha2cca39a4bcd12b6213334d7bc7cfced07636d24a760b7a8e39f05b85bf86caf	—
hasha3730e2dbcaf2bd3dea2c57c945175480577fe00ed5ece7a16f53fc2b2a36869	—
hasha8020170bc2d83cc7cdf86e1b729a8874d287d1c5ba4d9515bf45b04a1558b7a	—
hasha8cd019b2e762ac277a282eac9dc4507ab1fd81d47b37d0d404469a95f0be4a3	—
hashabfb7c3c3ea828bf85874c596cac17770668abb28734cbeec67dc8c958afd340	—
hashaf339fc0bc2ac4f7618021c9560586164d55c8aa5fa1d1ac740e30739c0ff425	—
hashb3c7b3bf625fdce478c0e5def4ab43f8d9e427dfacac7d37f143b3aae0050118	—
hashb432adc819e6b5b65004956929dc843cf4cee3ff6dc54687d50268d36ba6a81f	—
hashb5a97bc726b26c05d76eb6c51505d1e3fe18eeb7177e2be25854e6d84bda7a02	—
hashb5e59c233b825cceaf03b8e902ebdc4d608a3c3d0ee35a092ef8c17fcb48e6f7	—
hashb6fb6849c14dddef78c58c62878d3c67f85f81c663a3614992eda616cf36f25c	—
hashb82710fc1422c5d94c68999e4fa9f90bf49ec7927636eb12be5933ef0690f354	—
hashb9866a44469d7855d114ddfc1b9bdad347ddec6dfcd5c4878367580e40be87df	—
hashb9caa844b3d72842f37a57dffc25df3fe1f6083f93295c2fbed0b0281c2652c3	—
hashb9f5dc18641151bf70bab31f2acd3409bc149ca8ff9fcb4edd8e20c0311157bd	—
hashba3aed3af58569b8bf6bafbd360aa73bc777e81ee2783b7b0dcb956ea6b82df0	—
hashbccd81dc5e2c8eafbf8062561b40f77d63c9f498bd20723d9cd68e1526171b79	—
hashc025ff463278744795798abc7ed404f38cf167a447cbd4c0fde7f9a4b2dd0ccc	—
hashc09dffd32f233b9d65fe73432cfa29c1de9ea56cfd2f42b985f5e0cccfc0aa4f	—
hashc1c5e249919865658403854397a6b62593ee6ab99f4a20ea8ae1e03f1fac5e71	—
hashc2a0e65177b941424183f97329fa78bd28696aa928e3a26b7a58088e44e3e4f6	—
hashc35ec5aea53b2591e7ee8cf89da86c7a44ca1f333b206c8f33b078c8ddbe4fa9	—
hashc52f4f652442ff142c00989e919f43387fb4779964fadc458ec80886727e55be	—
hashc64a9e869ad8b210338e462db7bbb9de8c1288a9de3cecc9437666d75821429c	—
hashc75d16ef197ddc7241abc712ccb7981ca7817f5761f9f8f986fd8b9fb7036256	—
hashca4e3ab9ea7b85ba81e0141fee19c67d91832155a11c0b378e58749010ff243b	—
hashcab6a14f345a6a8404160825d91240ba24c6dccaca6b90da096f05406fcb4935	—
hashcd58d6d9065c112293f15ae8bbd2002e88f258e8bee38297903d1ca9025d05a6	—
hashcd875cd6c18697b401e0ed103e1d9a5f2d047ec22fa2b772fe3c4dfec6952151	—
hashd0141a341f816d3493919524be6e025ccbb04f114a7789d982d35b40b0f7ba63	—
hashd2a9a3fdf016e9f0f32671d2dfdfe5fa6f66541822d6c0278ccf8ce9eba94db8	—
hashdab22465284356186a3de1ea470f2721e0ac18a84a072ae7dd83f06ca3efb25b	—
hashde5022893af502a25ae5f37cfa80783df798d578bb5d69facfd631055cd0f2b5	—
hashe3c943ad9ff6a43c88b7d977f207b85c8c2cfd0c69d582e748cf58419d5bc188	—
hashe899206a07b322cb69f659a112fd508911bd92be40cfcef4773fcf8b43ce93f9	—
hashe95d9c7b29714bb4c880c3417707b2f3da9ad52f65bcf288baa27dd2c8a54c9a	—
hashec513db1dcd045444fb7282f382786d91ed3357d254797afacec8b7bab1f5070	—
hashecb7133e5c2338a74f1f9e836edcb9218a82dcfc83c85cec8f49903246783e48	—
hashee2385867241917960d21cc66b9c58aab8a62d2b203f725458771b3ee7794c80	—
hashee726c64a82244cb65a6a0a768e5fe7032cb5d0897296418ce91f3b561726586	—
hashef9456ada1d93e7cfc1750be1afd68807d532b6e893edd5ad79f016affd29dd0	—
hashf010ec8d2ab7b702870ee029aec16c0fdfe64a40f872f36dcb94ae7bc62a4638	—
hashf1414ace7527119aa69ea6c18de4d3ae073a306c9c3d63cd1d279059a5077bc4	—
hashf41538620ce33c25984032ddcfa339bd1e0dd6b4e7c97688dd7bebb310837716	—
hashf5d72181c6b7b8054244a40e6ade96fbb2d6968a132fddee082846b8ca4dc102	—
hashf74fac3e5f7ebb092668dc16a9542799ccacc55412cfc6750d0f100b44eef898	—
hashf966b7fa2ad4efc87cebb2fe2ac1fcbb21ef22b945dbd44aea9706791537b671	—
hashf9a2c3d1b3244b0f38601e26f36d46b8d93b7b3df5e6fd1703e7c5afed8375b9	—
hashfab53f1bceaeedb7f84a031346a0ef840328cd28aeb984e34f2434a9d3475237	—
hashfdb7373fdcdb59b744e5b4e8369a2ba1c210449aa63dccde3f3546c790701804	—
hashff2933aa3eb4b43ad93e798feec1d3699ce7b75497ed893942e742b3d2514b67	—

Threat ID: 689c69d2ad5a09ad00406958

Added to database: 8/13/2025, 10:32:50 AM

Last enriched: 8/13/2025, 10:47:54 AM

Last updated: 8/17/2025, 9:09:32 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Ip

Hash

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

Supply Chain Risk in Python: Termcolor and Colorama Explained

Microsoft 365 Direct Send Abuse: Phishing Risks & Security Recommendations

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility