← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat
Ransomware operator “LeakNet” is currently averaging about three victims per month, but it’s scaling up and shifting tactics. In recent incidents we investigated, the group added a new initial access path and a new loader technique: “ClickFix” lures hosted on compromised websites and a Deno-based, in-memory loader that most security tools won’t catch. No matter how it gets in, LeakNet then follows the same post-exploitation steps: execution, lateral movement, and payload staging.
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | apiclofront.com | — | 2026-03-18 | |
| domain | binclloudapp.com | — | 2026-03-18 | |
| domain | cnoocim.com | — | 2026-03-18 | |
| domain | crahdhduf.com | — | 2026-03-18 | |
| domain | delhedghogeggs.com | — | 2026-03-18 | |
| domain | mshealthmetrics.com | — | 2026-03-18 | |
| domain | ndibstersoft.com | — | 2026-03-18 | |
| domain | neremedysoft.com | — | 2026-03-18 | |
| domain | okobojirent.com | — | 2026-03-18 | |
| domain | sendtokenscf.com | — | 2026-03-18 | |
| domain | serialmenot.com | — | 2026-03-18 | |
| domain | verify-safeguard.top | — | 2026-03-18 | |
| domain | weaplink.com | — | 2026-03-18 | |
| domain | windowallclean.com | — | 2026-03-18 | |
| hostname | tools.usersway.net | — | 2026-03-18 |