Pulse Detail — Threat Intelligence

PULSE NAME

ClickFix Campaign Threats to Organizations

WHITE eric.ford 2024-10-30 Modified: 2024-11-29

223

IOCs

HIGH VOLUME

Deepwatch Threat Intel team assesses that cybercriminals will likely continue using the ClickFix technique to target organizations and individuals. The ClickFix technique is a social engineering tactic employed by cybercriminals to deceive users into downloading malware through fake CAPTCHAs, error messages, and prompts that entice users to inadvertently run malicious PowerShell scripts and commands.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1056 T1204 T1176 T1219 T1115 T1195 T1566 T1036 T1123 T1218 T1102 T1125 T1496 T1573 T1059 T1070 T1110 T1003 T1090 T1055 T1583.001 T1584.001 T1566.001 T1204.001 T1059.001 T1036.005 T1547.001 T1562.006 T1555.003

MALWARE FAMILIES

Lumma Amadey RedLine Matanbuchus NetSupport Stealc AMOS Vidar Rhadamanthys DarkGate xmrig

Indicators of Compromise (11 / 223 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	525abe8da7ca32f163d93268c509a4c5	—	2024-10-30
FileHash-MD5	e3274bc41f121b918ebb66e2f0cbfe29	—	2024-10-30
FileHash-MD5	ee2ff2c8f49ca29fe18e8d18b76d4108	—	2024-10-30
FileHash-MD5	0ba52a085647724ae6b56e29bab4af6e	MD5 of a834be6d2bec10f39019606451b507742b7e87ac8d19dc0643ae58df183f773c	2024-10-30
FileHash-MD5	51f8527e20dcb05ffd8586b853937a8a	—	2024-10-30
FileHash-MD5	6bee9adb58a318a61a3af447b31c7f3e	MD5 of 94379fa0a97cc2ecd8d5514d0b46c65b0d46ff9bb8d5a4a29cf55a473da550d5	2024-10-30
FileHash-MD5	acfba6ff2e80e0ebc80df9e7d326337c	MD5 of 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138	2024-10-30
FileHash-MD5	ba0767946d9cac95fd727d7076c7fec1	MD5 of 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe	2024-10-30
FileHash-MD5	e7959e4089c1993045e01cb9c3cbc6a5	—	2024-10-30
FileHash-MD5	194577a7e20bdcc7afbb718f502c134c	MD5 of d65165279105ca6773180500688df4bdc69a2c7b771752f0a46ef120b7fd8ec3	2024-10-30
FileHash-MD5	602e1f42d73cadcd73338ffbc553d5a2	MD5 of a4ad384663963d335a27fa088178a17613a7b597f2db8152ea3d809c8b9781a0	2024-10-30

References (4)

↗ https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/ ↗ https://blog.sucuri.net/2024/08/wordpress-websites-used-to-distribute-clearfake-trojan-malware.html ↗ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/#h-fake-google-meet-pages-and-technical-issues ↗ https://www.godaddy.com/resources/news/threat-actors-push-clickfix-fake-browser-updates-using-stolen-credentials