HelloTDS: The Infrastructure Behind FakeCaptcha
TLP: WHITE | PetrP.73 | 2025-06-11 | Modified: 2025-07-11
897 IOCs, HIGH VOLUME
The analysis of the HelloTDS infrastructure reveals a complex Traffic Direction System (TDS) that facilitates various malware campaigns, including FakeCaptcha, by exploiting vulnerable websites and malvertising techniques. HelloTDS operates through a robust network that utilizes geolocation, IP address, and browser fingerprinting to determine the nature of content delivered to users. It particularly targets users through compromised streaming sites and file-sharing services that have been manipulated to load malicious scripts. The effectiveness of these campaigns lies in their ability to mimic legitimate software platforms, enhancing their stealth and complicating detection efforts.
Indicators of Compromise (23 / 897 total)