Threats Tagged 'remote dll'
View all threats tagged with 'remote dll'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'remote dll'
Click on any threat for detailed analysis and mitigation recommendations
Beyond PowerShell: Analyzing the Multi-Action ClickFix Variant 0 This analysis documents a newly observed ClickFix variant that abuses native Windows utilities, specifically cmdkey and regsvr32, for payload delivery. Victims are socially engineered through fake CAPTCHA pages to execute a malicious command via the Windows Run dialog. The single command chains multiple actions: staging credentials using cmdkey, retrieving a remote DLL via regsvr32 from a UNC path, and executing it silently. The 64-bit DLL establishes persistence through a scheduled task pulled from a remote XML file hosted on attacker infrastructure. This approach avoids traditional malware drops and leverages exclusively trusted Windows components for high stealth. The variant demonstrates continued evolution of ClickFix techniques, moving beyond PowerShell to use command chaining with legitimate system tools. Join the discussion | AlienVault OTX General | 04/23/2026, 03:26:58 UTC Added: 04/23/2026, 09:06:03 UTC |
Showing 1 to 1 of 1 result