PULSE NAME
Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic
WHITE PetrP.73 2026-01-30 Modified: 2026-03-01
140 IOCs (HIGH VOLUME)
In November 2025, threat analysts from Sekoia TDR discovered a malware distribution campaign targeting WordPress websites using a social engineering tactic known as ClickFix, facilitated through a Traffic Distribution System (TDS). This campaign primarily employed watering hole attacks, wherein legitimate websites are compromised to lure victims into executing malicious commands. Sekoia TDR implemented an advanced detection capability to identify these watering hole attacks, utilizing generic YARA rules to scan for compromised web pages featuring the ClickFix tactic. These rules are based on specific keywords, resource patterns, and JavaScript functions associated with the tactic's implementation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClickFix
Indicators of Compromise (11 / 140 total)