PULSE NAME
ClearFake: a newcomer to the “fake updates” threats landscape
WHITE AlienVault 2023-10-16 Modified: 2024-11-11
74 IOCs, HIGH VOLUME
A security analysis of ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver malware using a drive-by download technique, reveals how the malware is deployed and how it is tracked.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClearFake
Indicators of Compromise (5 / 74 total)