PULSE NAME
CryptoClippy Speaks Portuguese
WHITE Cryptocurrency CyberHunter_NL 2023-04-06 Modified: 2023-05-06
37 IOCs
MEDIUM VOLUME
A malware campaign targeting Portuguese speakers aims to steal cryptocurrency from legitimate users' wallets, according to Palo Alto Networks Unit 42 Managed Threat Hunting, which has recently discovered a new variant of the malware.
Indicators of Compromise (37)