← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClearFake: a newcomer to the “fake updates” threats landscape
WHITE AlienVault 2023-10-16 Modified: 2024-11-11
74
IOCs
HIGH VOLUME
A security analysis of ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver malware using a drive-by download technique, reveals how the malware is deployed and how it is tracked.
clearfakejavascriptfake update
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClearFake
Indicators of Compromise (9 / 74 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://ojhggnfbcy62.com/?_lp=1&_token=uuid_1ubo22l1dqqlm_1ubo22l1dqqlm6518291d817043.55797095 2023-10-16
URL https://ojhggnfbcy62.com/ZgbN19Mx 2023-10-16
URL https://ojhggnfbcy62.com/lander/firefox_1695214415/_index.php 2023-10-16
URL https://ojhggnfbcy62.com/lander/firefox_1695214415/index.php 2023-10-16
URL https://ojhggnfbcy62.com/vvmd54/ 2023-10-16
URL https://server2-slabx.ocmtancmi2c5t.live/osmesis/1829973585.png 2023-10-16
URL https://stats-best.site/fp.php 2023-10-16
URL https://hello-world-broken-dust-1f1c.brewasigfi1978.workers.dev/ 2023-10-16
URL https://www.dropbox.com/e/scl/fi/6gtsp3qjf54lsec0piwvq/Ml-r-s-ft-dg-S-tup.appx?rlkey=hdm3apoi4n31v2rxruiosvtaa&dl=1 2023-10-16
References (1)
↗ https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/