← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
WHITE AlienVault 2024-11-18 Modified: 2024-12-18
26
IOCs
MEDIUM VOLUME
Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are employing ClickFix through compromised websites, documents, HTML attachments, and malicious URLs. Recent campaigns have included GitHub security vulnerability notifications, Swiss e-commerce marketplace impersonations, fake software updates, and ChatGPT-themed malvertising. The technique has been observed delivering various malware, including AsyncRAT, Danabot, DarkGate, Lumma Stealer, and NetSupport. The popularity of ClickFix is attributed to its effectiveness in bypassing security protections by exploiting users' desire to be helpful and independent.
malware deliverythreat landscapeasyncratsocial engineeringdarkgatelucky volunteerrecaptcha phishdanabotnetsupportlatrodectuslumma stealerxwormphishingpowershellclickfixbrute ratel c4
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
AsyncRAT Danabot DarkGate Lumma Stealer NetSupport Brute Ratel C4 Latrodectus XWorm Lucky Volunteer
Indicators of Compromise (26)
All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
domain eemmbryequo.shop 2024-11-18
FileHash-MD5 fac2188e4a28a0cf32bf4417d797b0f8 2024-11-18
FileHash-SHA1 1970de8788c07b548bf04d0062a1d4008196a709 2024-11-18
FileHash-SHA256 d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207 2024-11-18
FileHash-MD5 5744e74d67f4cc91f262ddb95ac245a3 2024-11-18
FileHash-SHA1 890799de73d375478d3a5f0e2b86cec6a0585a91 2024-11-18
FileHash-SHA256 5d5b4f259ef3b3d20f6ef1a63def6dee9326efe2b7b7b7e474008aa978f1f19b 2024-11-18
FileHash-SHA256 d9ab6cfa60cc75785e31ca9b5a31dae1c33022bdb90cb382ef3ca823c627590d 2024-11-18
FileHash-SHA256 e726d3324ca8b9a8da4d317c5d749dd0ad58fd447a2eb5eee75ef14824339cd5 2024-11-18
URL http://178.215.224.252/v10/ukyh.php 2024-11-18
URL http://185.147.124.40/Capcha.html 2024-11-18
URL http://188.119.113.152/x64_stealth.dll 2024-11-18
URL https://github-scanner.com/l6E.exe 2024-11-18
URL https://ricardo.aljiri.es/ricardo/captchaV4DE/ 2024-11-18
domain github-scanner.com 2024-11-18
domain isomicrotich.com 2024-11-18
domain keennylrwmqlw.shop 2024-11-18
domain licenseodqwmqn.shop 2024-11-18
domain promptcraft.online 2024-11-18
domain promtcraft.online 2024-11-18
domain reggwardssdqw.shop 2024-11-18
domain relaxatinownio.shop 2024-11-18
domain rilomenifis.com 2024-11-18
domain tendencctywop.shop 2024-11-18
domain tesecuuweqo.shop 2024-11-18
hostname ricardo.aljiri.es 2024-11-18
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape