Seven layers of obfuscation, one 1970s LOLBIN: pulling apart a ClickFix chain through finger.exe
A ClickFix loader using finger.exe over TCP/79 to drop IronPython and an in-process x86 shellcode beacon.
A ClickFix campaign drops a 2.4 MB polyglot from prism-vertex[.]com that looks like an MSIX package but parses as an HTA when mshta opens it.
A 3.7 MB log-line file in System32\drivers\, a tiny PowerShell read-decode-execute, and an HTTP beacon that pulls its capability live.