PULSE NAME
CryptoClippy Speaks Portuguese
WHITE AlienVault 2023-04-06 Modified: 2023-04-06
26 IOCs
MEDIUM VOLUME
Unit 42 recently discovered a malware campaign targeting Portuguese speakers, which aims to redirect cryptocurrency away from legitimate users’ wallets and into wallets controlled by threat actors instead. To do this, the campaign uses a type of malware known as a cryptocurrency clipper, which monitors the victim’s clipboard for signs that a cryptocurrency wallet address is being copied.
Indicators of Compromise (26)