ET MALWARE ClickFix Landing Page Observed

7.0.35.0SID: 2069839Rev: 1Enabled5 views
Sourceet/open
Fileemerging-malware.rules
CreatedJune 9, 2026
UpdatedJune 9, 2026
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ClickFix Landing Page Observed"; flow:established,to_client; http.response_body; content:"ClickFix|20|Cloudflare|20|CAPTCHA|20|module"; fast_pattern; content:"|2f 2f 20|Loaded|20|by|20|JS|20|loader|20|from|20|API|20|server"; content:"fetchPayload|28 29|"; classtype:trojan-activity; sid:2069839; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_06_09, deployment Perimeter, deployment SSLDecrypt, malware_family ClickFix, confidence High, signature_severity Major, tag compromised_website, updated_at 2026_06_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_06_09
deploymentSSLDecrypt
malware familyClickFix
confidenceHigh
signature severityMajor
tagcompromised_website
updated at2026_06_09
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1189
mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!