Pulse Detail — Threat Intelligence

PULSE NAME

ClearFake: a newcomer to the “fake updates” threats landscape

WHITE AlienVault 2023-10-16 Modified: 2024-11-11

IOCs

HIGH VOLUME

A security analysis of ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver malware using a drive-by download technique, reveals how the malware is deployed and how it is tracked.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1036 T1041 T1059 T1189 T1584

MALWARE FAMILIES

ClearFake

Indicators of Compromise (3 / 74 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	a7900cdbb2912d76aa6329c5c41d8609	MD5 of b583d86c4abc6d6ca57bde802b7e9d8143a249aed6a560a4626e79ae13f6209d	2023-10-16
FileHash-MD5	d113b3debc7e0a2da4369dd8d1dbad53	MD5 of d60d4da2cfe120138a3fde66694b40ae2710cfc2af33cb7810b3a0e9b1663a4f	2023-10-16
FileHash-MD5	e89f448e8f41a590c51d34948bdc9c1e	—	2023-10-16

References (1)

↗ https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/