Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

From Clipboard to Compromise: A PowerShell Self-Pwn

June 17, 2024, 11:38 a.m.

Description

This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to copy and paste malicious PowerShell scripts to infect their computers. The threat actors TA571 and ClearFake activity cluster employ this method to deliver malware like DarkGate, Matanbuchus, NetSupport, and various information stealers. Despite requiring significant user interaction, the clever social engineering presents an apparent problem and solution simultaneously, prompting users to act without considering the risks.

Date

Published: June 17, 2024, 11:23 a.m.

Created: June 17, 2024, 11:23 a.m.

Modified: June 17, 2024, 11:38 a.m.

Indicators

9701fec71e5bbec912f69c8ed63ffb6dba21b9cca7e67da5d60a72139c1795d1

11909c0262563f29d28312baffb7ff027f113512c5a76bab7c5870f348ff778f

07e0c15adc6fcf6096dd5b0b03c20145171c00afe14100468f18f01876457c80

91.222.173.113

https://rtattack.baqebei1.online/df/tt

https://oazevents.com/loader.html

https://lashakhazhalia86dancer.com/c.txt

https://kostumn1.ilabserver.com/1.zip

https://cdn3535.shop/1.zip

http://languangjob.com/pandstvx

https://jenniferwelsh.com/header.png

http://mylittlecabbage.net/xcdttafq

http://mylittlecabbage.net/qhsddxna

rechtsanwalt@ra-silberkuhl.com

Attack Patterns

JaskaGO

Vidar Stealer

Amadey Loader

Matanbuchus

Lumma Stealer

DarkGate

XMRig

NetSupport

TA571

T1028

T1557.002

T1193

T1053.005

T1059.001

T1486

T1105

T1027

T1059