ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://clfckhitriver.com/api/data.

Database Entry


IOC ID: 1782881
IOC: https://clfckhitriver.com/api/data
IOC Type: url
Threat Type: payload_delivery
Malware: SmartApeSG
Malware alias: HANEYMANEY, ZPHP
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
First seen: 2026-04-08 14:54:58 UTC
Last seen: never
UUID: 7ce53d84-334b-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: AIMP Aorta ClickFix sideload SmartApeSG
Reference: https://github.com/Lenny-3BO/threat-hunting

Lenny_3BO
SmartApeSG ClickFix campaign. TDS via compromised WordPress (slotthai.review) with injected JS calling clfckhitriver.com/api/data. HTA dropper served only to curl UA. Downloads trojanized AIMP Portable with Aorta.dll sideload plugin. Same Aorta.dll SHA256 as fosaqopr.com campaign (2026-03-17).