We published an in-depth analysis on the #ErrTraffic framework, detailing two specific clusters ("Beer" and "Analytics"), campaigns compromising WordPress sites to deploy this malicious #ClickFix framework, as well as others impersonating AI platforms.

Since that report was written, the operator "LenAI" has released ErrTraffic v4.

We shared some IoCs on our Community GitHub, and I can share the latest ones. Feel free to reach out!

https://github.com/SEKOIA-IO/Community/tree/main/IOCs/errtraffic

https://infosec.exchange/@sekoia_io/116758846525821124

@crep1x This is great info! I was just looking at a bunch of pages from the .beer cluster and all I could find were samples where the .beer domain was hosted on 178.16.52[.]101. It looks like you found more. Thanks for posting this!