Pulse: ClearFake: a newcomer to the "fake updates" threats landscape - Sekoia.io Blog
TLP: WHITE | Author: CyberHunter_NL | Created: 2023-10-19 | Modified: 2023-11-18 | 79 IOCs
A security analysis of ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver malware using a drive-by download technique, reveals how the malware is deployed and how it is tracked.
MITRE ATT&CK & Malware Families: JavaScript, FakeSG, Magniber, Vidar, HijackLoader, IDAT Loader, ClearFake
Indicators of Compromise (79)