Pulse Detail — Threat Intelligence

PULSE NAME

ClearFake: a newcomer to the “fake updates” threats landscape

WHITE AlienVault 2023-10-16 Modified: 2024-11-11

IOCs

HIGH VOLUME

A security analysis of ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver malware using a drive-by download technique, reveals how the malware is deployed and how it is tracked.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1036 T1041 T1059 T1189 T1584

MALWARE FAMILIES

ClearFake

Indicators of Compromise (6 / 74 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	7d94e045fc80fb985385702b11312b6dbadecf802168328cb0db0f62cc66fa3c	SHA256 of 58d8d75b0ca5e316862ed81cdb2d0c67	2023-10-16
FileHash-SHA256	815d2e32e948681c85d56aff9eb9ac597647effa8da6db2b81fa2109f9875ff6	SHA256 of e89f448e8f41a590c51d34948bdc9c1e	2023-10-16
FileHash-SHA256	a70b72efd8cd83f2b79cc9b9823112930e8ffa49edeb6bb5d2b1bbcabccefafb	—	2023-10-16
FileHash-SHA256	b583d86c4abc6d6ca57bde802b7e9d8143a249aed6a560a4626e79ae13f6209d	—	2023-10-16
FileHash-SHA256	ce54b949607227a4b5b1f521b5ec0c37e4bde1549c667e53f56cf3b5b6156d35	SHA256 of bfe16fc5d100757bd9dec4ef1aa42913	2023-10-16
FileHash-SHA256	d60d4da2cfe120138a3fde66694b40ae2710cfc2af33cb7810b3a0e9b1663a4f	—	2023-10-16

References (1)

↗ https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/