ClickFix tactic: Revenge of detection
Tags
cmtmf-attack-pattern: Masquerading
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Mshta - T1218.005 Network Devices - T1584.008 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090 Masquerading - T1036 Mshta - T1170 Powershell - T1086 Rundll32 - T1085 Masquerading
Show in Graph
Common Information
Type Value
UUID 28e89640-cbd0-40fa-9446-0dd17b713db6
Fingerprint a4d1c91103b79f29
Analysis status DONE
Considered CTI value 1
Text language
Published Nov. 5, 2024, 7:39 a.m.
Added to db Nov. 5, 2024, 9:43 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline ClickFix tactic: Revenge of detection
Title ClickFix tactic: Revenge of detection
Detected Hints/Tags/Attributes 82/3/20
Source URLs
Redirection Url
Details Source https://blog.sekoia.io/clickfix-tactic-revenge-of-detection/
URL Provider
Details Provider Source level domain
Details sekoia.io blog.sekoia.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 59 Sekoia.io Blog https://blog.sekoia.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 129 
api.ipify.org
Details Domain 21 
process.parent.name
Details Domain 55 
process.name
Details Domain 16 
process.pid
Details Domain 3 
process.parent.pid
Details Domain 17 
host.name
Details Domain 118 
sekoia.io
Details File 1260 
explorer.exe
Details File 456 
mshta.exe
Details File 63 
bitsadmin.exe
Details File 9 
'mshta.exe
Details File 1 
'bistadmin.exe
Details File 1 
'timeout.exe
Details File 37 
'cmd.exe
Details File 1208 
powershell.exe
Details File 1018 
rundll32.exe
Details File 4 
'bitsadmin.exe
Details File 35 
'powershell.exe
Details File 4 
'.ps1
Details Threat Actor Identifier - APT 783 
APT28