ET MALWARE ClickFix Fake Browser Update Page Inbound M2

SID: 2056736Rev: 18 views

Sourceet/open

CreatedOctober 21, 2024

UpdatedOctober 21, 2024

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ClickFix Fake Browser Update Page Inbound M2"; flow:established,to_client; http.response_body; content:"window|2e|atob"; content:"cG93ZXJzaGVsbC"; distance:0; fast_pattern; content:"Press"; distance:0; content:"Win"; distance:0; content:"|2b|"; distance:0; content:"V"; distance:0; content:"Enter"; distance:0; reference:url,app.any.run/tasks/f132828d-adb0-4deb-9865-194a11ea5f59; reference:md5,528eb8826dffaea4080fbc60d6295016; reference:url,proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn; classtype:trojan-activity; sid:2056736; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_10_21, deployment Perimeter, deployment SSLDecrypt, malware_family ClickFix, confidence Medium, signature_severity Major, updated_at 2024_10_21;)

References

url	app.any.run/tasks/f132828d-adb0-4deb-9865-194a11ea5f59
md5	528eb8826dffaea4080fbc60d6295016 Google Search Brave Search
url	proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2024_10_21

deploymentSSLDecrypt

malware familyClickFix

confidenceMedium

signature severityMajor

updated at2024_10_21

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!