Pulse Detail — Threat Intelligence

PULSE NAME

CryptoClippy Speaks Portuguese

WHITE AlienVault 2023-04-06 Modified: 2023-04-06

IOCs

MEDIUM VOLUME

Unit 42 recently discovered a malware campaign targeting Portuguese speakers, which aims to redirect cryptocurrency away from legitimate users’ wallets and into wallets controlled by threat actors instead. To do this, the campaign uses a type of malware known as a cryptocurrency clipper, which monitors the victim’s clipboard for signs that a cryptocurrency wallet address is being copied.

CryptoClippy Malvertising

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1115 T1547 T1106 T1056 T1104 T1059 T1027 T1105 T1055 T1127 T1566 T1553 T1090 T1082 T1140 T1021 T1496

MALWARE FAMILIES

CryptoClippy

Indicators of Compromise (3 / 26 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1b43233d5a054808061c190336320e46	—	2023-04-06
FileHash-MD5	4646070b47445451604f291809444703	—	2023-04-06
FileHash-MD5	bcc9fbd90ce7d9e8008b4d482c8810e4	MD5 of 5a1ce64e4fa19531a3222554bbe99aa6aeadb639d51b2a308648cb6e0fa55c05	2023-04-06

References (1)

↗ https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/