{ "type": "URL", "indicator": "https://master.hdsjfkgsadoghdsiougds.space", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://master.hdsjfkgsadoghdsiougds.space", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4005496728, "indicator": "https://master.hdsjfkgsadoghdsiougds.space", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6737903e6525119b13ae7cea", "name": "ClickFix Phishing Campaign Delivers New Infostealer", "description": "Gen Digital has uncovered a new infostealer, Glove Stealer, distributed via a phishing campaign using malicious HTML attachments that leverage the ClickFix technique. The campaign employs PowerShell scripts to download and execute its payload, exfiltrating sensitive data such as credentials, browser data, and cryptocurrency wallets. The stealer uses a separate module to bypass Chrome's App-Bound encryption. This campaign highlights a significant risk, requiring robust phishing awareness, layered security controls, and proactive threat hunting to mitigate potential compromises.", "modified": "2024-11-15T18:17:34.903000", "created": "2024-11-15T18:17:34.903000", "tags": [], "references": [ "https://www.gendigital.com/blog/news/innovation/glove-stealer" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Glove", "display_name": "Glove", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 9, "hostname": 2 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "561 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.gendigital.com/blog/news/innovation/glove-stealer" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Glove" ], "industries": [], "unique_indicators": 14 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hdsjfkgsadoghdsiougds.space", "whois": "http://whois.domaintools.com/hdsjfkgsadoghdsiougds.space", "domain": "hdsjfkgsadoghdsiougds.space", "hostname": "master.hdsjfkgsadoghdsiougds.space" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6737903e6525119b13ae7cea", "name": "ClickFix Phishing Campaign Delivers New Infostealer", "description": "Gen Digital has uncovered a new infostealer, Glove Stealer, distributed via a phishing campaign using malicious HTML attachments that leverage the ClickFix technique. The campaign employs PowerShell scripts to download and execute its payload, exfiltrating sensitive data such as credentials, browser data, and cryptocurrency wallets. The stealer uses a separate module to bypass Chrome's App-Bound encryption. This campaign highlights a significant risk, requiring robust phishing awareness, layered security controls, and proactive threat hunting to mitigate potential compromises.", "modified": "2024-11-15T18:17:34.903000", "created": "2024-11-15T18:17:34.903000", "tags": [], "references": [ "https://www.gendigital.com/blog/news/innovation/glove-stealer" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Glove", "display_name": "Glove", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 9, "hostname": 2 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "561 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://master.hdsjfkgsadoghdsiougds.space", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://master.hdsjfkgsadoghdsiougds.space", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780170436.396932 }