Trusted Design

ClickFix in action: how fake captcha can encrypt an entire company

概要

The report details a malware attack on a large Polish organization involving fake CAPTCHA techniques. It describes the initial infection vector, where users were tricked into running malicious code through a Windows+R shortcut. The analysis covers two main malware families: Latrodectus (version 2.3) and Supper. The report provides technical details on the malware's functionality, communication protocols, and persistence mechanisms. It also includes indicators of compromise, such as C2 server IP addresses and file hashes. The authors emphasize the importance of employee education and monitoring for unusual events to mitigate such threats.

Created: 2026-03-21

Indicators

• FileHash-SHA1 - 3d56542349180e144aa17230e99b7eb4a29b97ea -
• FileHash-MD5 - 16afa928cd820a572bd47e798f481c46 -
• FileHash-SHA1 - d1eccb3d907f0cd7e52d502b340624d5dc98f8dc -
• URL - https://fadoklismokley.com/work/?counter=0&type=1&guid=3B7FFFF7F331576B6FA3479BDF43&os=6&arch=1&username=JohnDoe&group=2201209746&ver=2.3&up=7&direction=fadoklismokley.com -
• FileHash-MD5 - e6133838440afc64ce9722343a1cb297 -
• FileHash-MD5 - fd817202314d4067c2dc9c51d98f0268 -
• FileHash-SHA256 - 2528df60e55f210a6396dd7740d76afe30d5e9e8684a5b8a02a63bdcb5041bfc -
• URL - http://naintn.com/amazoncdn.com/oeiich37874cj30dkk43885j10vj38h38jd/nrs/opn/ca/ -
• FileHash-SHA256 - 6673794376681c48ce4981b42e9293eee010d60ef6b100a3866c0abd571ea648 -
• domain - gasrobariokley.com -
• URL - https://fadoklismokley.com/work/ -
• URL - http://jzluw.com/cdn-dynmedia-1.microsoft.com/is/n03ufh3k003jdhkg99fhhas/is/content/ -
• FileHash-SHA256 - 21b953dc06933a69bcb2e0ea2839b47288fc8f577e183c95a13fc3905061b4e6 -
• domain - jzluw.com -
• URL - https://gasrobariokley.com/work/ -
• URL - https://gasrobariokley.com/work/?counter=0&type=1&guid=3B7FFFF7F331576B6FA3479BDF43&os=6&arch=1&username=JohnDoe&group=2201209746&ver=2.3&up=7&direction=gasrobariokley.com -
• FileHash-SHA1 - 273962821f14982ead6c10823587fd39e89cf2fc -
• domain - naintn.com -
• FileHash-SHA1 - b5710067c36447759b82593200f7374760d71571 -
• domain - fadoklismokley.com -

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る