← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault
WHITE celestre 2026-03-24 Modified: 2026-04-23
55
IOCs
HIGH VOLUME
This report expands LevelBlue’s ongoing investigation into a multi-stage fileless malware campaign in which a network of compromised legitimate websites redirects victims to fake CAPTCHA verification pages delivering credential-stealing payloads through a ClickFix social engineering mechanism.
donutloadersha256familyaura stealervidarstealerrhadamanthysdomaintypeindicatorclickfixmalwarehttpsdead dropresolver
Indicators of Compromise (7 / 55 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 581c6dd57a0af1cead86257f89d571bb MD5 of 807d050db2f7f0d1073096d47c6835ab6806744e64fa17cd7d80c138fa2c5783 2026-03-24
FileHash-MD5 727c9fcd1d8a4a6e42eee33a22564de1 MD5 of aa8eb05991e26c4aafc6a36e7fa8439b1594e0c8bf2ca63dbc961b6ffdcbc5ba 2026-03-24
FileHash-MD5 7cf1f49eb43e0e392f19cd1108b308dc MD5 of 510b45e5977b671a550e466dd2ffde4e5dbd51a13d4075a6720388833ee33d9f 2026-03-24
FileHash-MD5 853e83733d064e51ba5addf1471b6e02 MD5 of 324a4f52861de5693c3749706969dfa8f65236338a53cdd489437f8b3d167d63 2026-03-24
FileHash-MD5 c85fec39496b41e5f61aa724dfdc12d5 MD5 of 5b005fbeb63d8bc0fd3090898aafc87d33f4b4032f9a9379e2b519307616e8c5 2026-03-24
FileHash-MD5 ce223670524974b51445c29a61491712 MD5 of 701f5f9fe2a386456622ae19164990084df41e789c826e45fb56a2f5a4596036 2026-03-24
FileHash-MD5 f8a9cf442344f7a767584e7b57eca62c MD5 of cc8c18bcd2c83b46518840c6966dd0f14b0e46c6f49a04e47aa13bca70b2e733 2026-03-24
References (1)
↗ https://www.levelblue.com/blogs/spiderlabs-blog/fake-captcha-campaign-inside-a-multi-stage-stealer-assault