Security News Investigating a New Click-Fix Variant

[Captain Awesome]

If it did not trigger SW, then not enough malicious activity hehe...

True. Sometime Kaspersky take samples very lightly...

 

[harlan4096]

When was added? did You send to them? got the confirmation?

 

[Captain Awesome]

When was added? did You send to them? got the confirmation?

Send it but no reply from them. Not added as of now! Kaspersky Customer support is very picky.

 

[harlan4096]

Send me the sample via pm...

 

[SeriousHoax]

If you have only scanned the CMD command line by saving it as a file then it is normal for the file to be not detected by signatures.

 

[Captain Awesome]

Send me the sample via pm...

Already send it to you.

 

[harlan4096]

This IP looks down: 94 . 156 . 170 . 255

 

[stonjean633]

This IP looks down: 94 . 156 . 170 . 255

View attachment 296340

Yes. The IP's in the IOC are already down.

 

[ForgottenSeer 123960]

This IP looks down: 94 . 156 . 170 . 255

View attachment 296340

Direct TCP/ICMP requests from your host will log your public IP in the threat actor's server access logs if the server is selectively blocking traffic rather than being fully offline.

 

[Khushal]

This IP looks down: 94 . 156 . 170 . 255

View attachment 296340

u have given the cmd to K?

 

[harlan4096]

New malicious software was found in the attached file. Its detection will be included in the next update.
Trojan-Downloader.BAT.Agent.ake
Thank you for your help.