Pulse: Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
TLP: WHITE | Author: AlienVault | Created: 2024-11-18 | Modified: 2024-12-18 | 26 IOCs
The ClickFix social engineering technique, which tricks users into copying and running malicious PowerShell commands, has become increasingly prevalent across the threat landscape. Initially observed in campaigns by TA571 and ClearFake, it is now used by multiple threat actors to deliver various malware types. The technique often employs fake error messages or CAPTCHA checks to deceive users. Recent examples include GitHub notification impersonations delivering Lumma Stealer, Swiss-targeted campaigns distributing AsyncRAT, fake software updates deploying NetSupport RAT, and ChatGPT-themed malvertising delivering XWorm. The technique's popularity stems from its effectiveness in bypassing security measures by exploiting users' desire to resolve issues independently.
MITRE ATT&CK & Malware Families
Malware families: AsyncRAT, Danabot, DarkGate, Lumma Stealer, NetSupport, XWorm, Brute Ratel C4, Latrodectus, Lucky Volunteer
Indicators of Compromise (26)