Pulse Detail — Threat Intelligence

PULSE NAME

CryptoClippy Speaks Portuguese

WHITE AlienVault 2023-04-06 Modified: 2023-04-06

IOCs

MEDIUM VOLUME

Unit 42 recently discovered a malware campaign targeting Portuguese speakers, which aims to redirect cryptocurrency away from legitimate users’ wallets and into wallets controlled by threat actors instead. To do this, the campaign uses a type of malware known as a cryptocurrency clipper, which monitors the victim’s clipboard for signs that a cryptocurrency wallet address is being copied.

CryptoClippy Malvertising

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1115 T1547 T1106 T1056 T1104 T1059 T1027 T1105 T1055 T1127 T1566 T1553 T1090 T1082 T1140 T1021 T1496

MALWARE FAMILIES

CryptoClippy

Indicators of Compromise (1 / 26 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	650b690361785f5b4f2ef6bd867a5bd88c127596	SHA1 of 5a1ce64e4fa19531a3222554bbe99aa6aeadb639d51b2a308648cb6e0fa55c05	2023-04-06

References (1)

↗ https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/