Pulse name: ClearFake Leverages Fake reCAPTCHA to Deliver Malicious PowerShell Codes
WHITE CryptoGen Cyber Threat Intelligence Advisory cryptocti 2025-03-19 Modified: 2025-04-18
50 IOCs
MEDIUM VOLUME
ClearFake, a malicious JavaScript framework, uses a fake reCAPTCHA to trick users and deliver malicious PowerShell code.
Indicators of Compromise (50)