IOC Radar
TLP:WHITE · 3 IOCs

Hackers Use Tor-Routed C2 and Local SOCKS5 Proxy to Control Crypto Clipper Malware

Cyber Press
Published June 19, 2026 · Original Report

Attack Flow: 8 steps · MITRE ATT&CK mapped

Step 1/8: Initial Access · TA0001 · T1078.004
Valid Accounts: Account Manipulation
Action: Execute malicious shortcut file
Malware is distributed via malicious shortcut (.lnk) files on USB storage devices, tricking users into executing them.

Indicators of Compromise

| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| SHA256 | 7630debd35cac6b7d58c4427695579b3e3a8b1cc462f523234cd6c698882a68c | file-hash, indicator, intel-blog | Medium | 45 | Jun 18, 26 |
| SHA256 | 23c1e673f315dafa14b73034a90dd3d393a984451ff6601b8be8142be6487b43 | c2, clipboard hijacking, clipper | Medium | 43 | Jun 19, 26 |
| SHA256 | a7abf1d9d6686af1cefcd60b17a312e7eb8cfe267def1ec34aeab6128c811630 | file-hash, indicator, intel-blog | Medium | 45 | Jun 18, 26 |
