From Clipboard to Compromise: A PowerShell Self-Pwn
June 17, 2024, 11:38 a.m.
Description
This intelligence report details a unique social engineering technique observed by Proofpoint researchers that tricks users into copying and pasting malicious PowerShell scripts, thereby infecting their own computers. The threat actor TA571 and the ClearFake activity cluster employ this method to deliver malware such as DarkGate, Matanbuchus, NetSupport, and various information stealers. Although it requires significant user interaction, the social engineering is effective because it presents an apparent problem and its solution at the same time, prompting users to act without considering the risks.
Date
Published: June 17, 2024, 11:23 a.m.
Created: June 17, 2024, 11:23 a.m.
Modified: June 17, 2024, 11:38 a.m.
Indicators
Attack Patterns
JaskaGO
Vidar Stealer
Amadey Loader
Matanbuchus
Lumma Stealer
DarkGate
XMRig
NetSupport
TA571
T1028
T1557.002
T1193
T1053.005
T1059.001
T1486
T1105
T1027
T1059