Show threadThreatCat.chSep 24, 2024
The payload itself is classified as #brutel / #Latrodectus / #BruteRatel :
https://www.virustotal.com/gui/file/6ab1bee44804b0821933c7b20bbdc92deb6a21fd587a51d43761ba1500c2149d/behavior
VirusTotal

VirusTotal

ThreatCat.chSep 24, 2024
Finally we also witnessed in the wild one of those #ClearFake / #ClickFix bait delivered per email as reported by Proofpoint in June - ending with a #brutel / #Latrodectus / #BruteRatel
payload https://www.proofpoint.com/au/blog/threat-insight/clipboard-compromise-powershell-self-pwn
From Clipboard to Compromise: A PowerShell Self-Pwn | Proofpoint AU

Key findings  Proofpoint researchers identified an increasingly popular technique leveraging unique social engineering to run PowerShell and install malware. Researchers observed TA571 and the Clea...

Proofpoint