ET MALWARE ClickFix Obfuscated Payload Inbound

SID: 2053775Rev: 151 views
History
Sourceet/open
CreatedJune 20, 2024
UpdatedJune 20, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ClickFix Obfuscated Payload Inbound"; flow:established,to_client; http.response_body; content:"SUhOMFpYQnpPaUJ"; content:"YjNCNVFuVjBkRzl1T2lBaVEyOXdlU0JtYVhn"; distance:0; fast_pattern; reference:url,proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn; classtype:trojan-activity; sid:2053775; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_06_20, deployment Perimeter, deployment SSLDecrypt, malware_family ClickFix, confidence High, signature_severity Major, tag compromised_website, updated_at 2024_06_20, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

References

urlproofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn

Metadata

attack targetClient_Endpoint
tls stateTLSDecrypt
created at2024_06_20
deploymentSSLDecrypt
malware familyClickFix
confidenceHigh
signature severityMajor
tagcompromised_website
updated at2024_06_20
mitre tactic idTA0005
mitre tactic nameDefense_Evasion
mitre technique idT1027
mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!