← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix Campaigns Targeting Windows and macOS
WHITE AlienVault 2026-03-25 Modified: 2026-03-25
141
IOCs
HIGH VOLUME
Insikt Group identified five distinct clusters using the ClickFix social engineering technique for initial access. These clusters impersonate various services like Intuit QuickBooks and Booking.com, demonstrating operational variance but similar core techniques. ClickFix manipulates victims into executing malicious commands within native system tools, bypassing traditional security controls. The methodology has become a standardized template for cybercriminals and APT groups. Campaigns target diverse sectors and use sophisticated obfuscation and living-off-the-land tactics. Defenders are advised to implement aggressive behavioral hardening and user awareness training to mitigate these threats.
living-off-the-landvidarwindowslumma stealerodyssey stealerlummastealernetsupport ratredline stealerinitial accessobfuscationsocial engineeringmacosmacsyncclickfix
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (141)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 94.156.112.115 2026-03-25
FileHash-MD5 4b261a6adf6e0c952b5fb837091ff023 2026-03-25
FileHash-MD5 58712aacf6b0f8149c066bda3a034fc3 2026-03-25
FileHash-MD5 95c6515d88e9ea48a9b949a81c1dac4e 2026-03-25
FileHash-SHA1 29c46d28aeb174415c2957b5ba62a4512334f886 2026-03-25
FileHash-SHA1 c93eeb4241f69fea44c4d8ccdde03f3b40a6be3f 2026-03-25
FileHash-SHA1 cf2da87d52a6b08a3b9502b1f6082b8b76ba4d32 2026-03-25
FileHash-SHA256 397dcea810f733494dbe307c91286d08f87f64aebbee787706fe6561ed3e20f8 2026-03-25
FileHash-SHA256 43907e54cf3d1258f695d1112759b5457576481072cc76a679b8477cfeb3db87 2026-03-25
FileHash-SHA256 5d821db386c7c879caeabf3e9f94c94a48eec6ec5a3a0efbae9d69da3f52c1db 2026-03-25
FileHash-SHA256 b17c3e4058aacdcc36b18858d128d6b3058e0ea607a4dc59eb95b18b7c6acc7c 2026-03-25
FileHash-SHA256 c0af6e9d848ada3839811bf33eeb982e6c207e4c40010418e0185283cd5cff50 2026-03-25
IPv4 152.89.244.70 2026-03-25
IPv4 193.222.99.212 2026-03-25
IPv4 193.35.17.12 2026-03-25
IPv4 193.58.122.97 2026-03-25
IPv4 45.144.233.192 2026-03-25
IPv4 45.93.20.141 2026-03-25
IPv4 45.93.20.50 2026-03-25
IPv4 62.164.177.230 2026-03-25
IPv4 77.91.65.144 2026-03-25
IPv4 77.91.65.31 2026-03-25
IPv4 91.202.233.206 2026-03-25
URL http://alababababa.cloud/cVGvQio6.txt. 2026-03-25
domain 4freepics.com 2026-03-25
domain acconthelpdesk.com 2026-03-25
domain account-help.info 2026-03-25
domain account-helpdesk.icu 2026-03-25
domain account-helpdesk.info 2026-03-25
domain account-helpdesk.top 2026-03-25
domain accountmime.com 2026-03-25
domain accountpulse.help 2026-03-25
domain acebirdrep.com 2026-03-25
domain admin-activitycheck.com 2026-03-25
domain alababababa.cloud 2026-03-25
domain anthonydee.com 2026-03-25
domain appmacintosh.com 2026-03-25
domain appmacosx.com 2026-03-25
domain apposx.com 2026-03-25
domain appsmacosx.com 2026-03-25
domain appxmacos.com 2026-03-25
domain ariciversontile.com 2026-03-25
domain bancatangcode.com 2026-03-25
domain bebirdrank.com 2026-03-25
domain billiardinstitute.com 2026-03-25
domain birdrankbox.com 2026-03-25
domain birdrankfx.com 2026-03-25
domain birdrankgo.com 2026-03-25
domain birdrankinc.com 2026-03-25
domain birdrankllc.com 2026-03-25
domain birdrankmax.com 2026-03-25
domain birdranktip.com 2026-03-25
domain birdrankup.com 2026-03-25
domain birdrankus.com 2026-03-25
domain birdrankusa.com 2026-03-25
domain birdrankvip.com 2026-03-25
domain birdrankzen.com 2026-03-25
domain birdrepbiz.com 2026-03-25
domain birdrepgo.com 2026-03-25
domain birdrephelp.com 2026-03-25
domain birdreplab.com 2026-03-25
domain birdrepsys.com 2026-03-25
domain birdrepusa.com 2026-03-25
domain birdrepuse.com 2026-03-25
domain bitbirdrank.com 2026-03-25
domain bitbirdrep.com 2026-03-25
domain bkng-updt.com 2026-03-25
domain checkaccountactivity.com 2026-03-25
domain checkhelpdesk.com 2026-03-25
domain checkpulse.com 2026-03-25
domain checkpulses.com 2026-03-25
domain chrm-srv.com 2026-03-25
domain cryptoinfnews.com 2026-03-25
domain cryptoinfo-allnews.com 2026-03-25
domain cryptoinfo-news.com 2026-03-25
domain cryptonews-info.com 2026-03-25
domain customblindinstall.com 2026-03-25
domain deinhealthcoach.com 2026-03-25
domain elive123go.com 2026-03-25
domain elive777a.com 2026-03-25
domain extracareliving.com 2026-03-25
domain financementure.com 2026-03-25
domain fixbirdrank.com 2026-03-25
domain fomomforhealth.com 2026-03-25
domain getbirdrank.com 2026-03-25
domain gobirdrank.com 2026-03-25
domain gologpoint.com 2026-03-25
domain guypinions.com 2026-03-25
domain helpbirdrank.com 2026-03-25
domain helpbirdrep.com 2026-03-25
domain helpdeskpulse.com 2026-03-25
domain hotelupdatesys.com 2026-03-25
domain infobirdrep.com 2026-03-25
domain joeyapple.com 2026-03-25
domain justbirdrank.com 2026-03-25
domain mac-os-helper.com 2026-03-25
domain macapp-apple.com 2026-03-25
domain macapps-apple.com 2026-03-25
domain macintosh-hub.com 2026-03-25
domain macos-storageperf.com 2026-03-25
domain macosapp-apple.com 2026-03-25
domain macosx-app.com 2026-03-25
domain macosx-apps.com 2026-03-25
domain macosxapp.com 2026-03-25
domain macosxappstore.com 2026-03-25
domain macxapp.com 2026-03-25
domain macxapp.org 2026-03-25
domain mrinmay.net 2026-03-25
domain ms-scedg.com 2026-03-25
domain mybirdrank.com 2026-03-25
domain nhacaired88.com 2026-03-25
domain nobovcs.com 2026-03-25
domain nowbirdrank.com 2026-03-25
domain octopox.com 2026-03-25
domain optbirdrank.com 2026-03-25
domain orkneygateway.com 2026-03-25
domain probirdrep.com 2026-03-25
domain pulse-help-desk.com 2026-03-25
domain quiptly.com 2026-03-25
domain shopifyservercloud.com 2026-03-25
domain sign-in-op-token.com 2026-03-25
domain subsgod.com 2026-03-25
domain surecomforts.com 2026-03-25
domain theinvestworthy.com 2026-03-25
domain thepulseactivity.com 2026-03-25
domain thestayreserve.com 2026-03-25
domain topbirdrank.com 2026-03-25
domain topbirdrep.com 2026-03-25
domain traderslinkfx.com 2026-03-25
domain usbirdrank.com 2026-03-25
domain usebirdrep.com 2026-03-25
domain ustazazharidrus.com 2026-03-25
domain valetfortesla.com 2026-03-25
domain vipbirdrank.com 2026-03-25
domain visitbundala.com 2026-03-25
domain yvngvualr.com 2026-03-25
hostname apple.assistance-tools.com 2026-03-25
hostname apple.diagnostic.wiki 2026-03-25
hostname grandmastertraders.traderslinkfx.com 2026-03-25
hostname hostmaster.extracareliving.com 2026-03-25
hostname ned.coveney-ltd.com 2026-03-25
References (1)
↗ https://www.recordedfuture.com/research/clickfix-campaigns-targeting-windows-and-macos