Pulse: From Clipboard to Compromise: A PowerShell Self-Pwn
TLP: WHITE | Adversary: TA571 | Author: AlienVault | Created: 2024-06-17 | Modified: 2024-07-17
This intelligence report details a unique social engineering technique observed by Proofpoint researchers, in which users are lured into copying and pasting malicious PowerShell scripts that infect their own computers. The threat actor TA571 and the ClearFake activity cluster employ this method to deliver malware such as DarkGate, Matanbuchus, NetSupport, and various information stealers. Although the chain requires significant user interaction, the social engineering is effective because it presents an apparent problem and its solution at the same time, prompting users to act without considering the risks.
MITRE ATT&CK & Malware Families
Malware families: DarkGate, Matanbuchus, NetSupport, Lumma Stealer, Amadey Loader, XMRig, JaskaGO, Vidar Stealer
Indicators of Compromise (13)