Tracking FileFix, Shadow Vector, and SideWinder
Essential information
- Published
- 10/11/2025 16:26
- Modified
- 11/11/2025 18:23
- Tags
- 2025-11-10, CVE-2017-0199, CVE-2017-11882, clickfix, clipboard manipulation, colombia, document-based attacks, filefix, shadow vector, south asia, svg, virustotal, yara
- Related entities
- 2 vulnerabilities (cve), 16 observables, 1 intrusion sets (apt), 9 techniques (mitre), 2 malware, 6 others
Description
This intelligence report details collaborative research between the Acronis Threat Research Unit and VirusTotal on three emerging threats. FileFix, a variant of ClickFix, uses malicious web pages that place a command on the victim's clipboard and then trick the victim into pasting and running it. Shadow Vector targets Colombian users with SVG files crafted to look like court summonses; the images contain links to malicious payloads. SideWinder, a South Asian threat actor, continues to exploit old Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) in document-based attacks on government and defense entities. The report highlights the use of VirusTotal's platform for threat hunting, including content searching, metadata filtering, and YARA rule creation, to track these campaigns and uncover their tactics and infrastructure.
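As an added example (not code from the Acronis or VirusTotal report), the script below triages an SVG for the lure pattern the Shadow Vector summary describes: it flags hyperlinks to external, data: or javascript: targets, inline script elements, foreignObject containers and on* event-handler attributes, the same features a VirusTotal content search or YARA rule would key on. The sample SVG, its Spanish lure text and the example.invalid URLs are constructed placeholders, not indicators from the report.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample SVG in the shape of a court-summons lure: visible notice
# text, a "download" button that is really an external hyperlink, and an inline
# script. The URLs are placeholders (example.invalid), not real indicators.
SAMPLE_SVG = """<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="600" height="400">
  <text x="20" y="40">Citacion judicial - Juzgado</text>
  <a xlink:href="https://example.invalid/download/citacion.zip">
    <rect x="20" y="60" width="200" height="40" fill="#ccc"/>
    <text x="30" y="85">Descargar documento</text>
  </a>
  <script type="text/javascript">window.location = "https://example.invalid/p";</script>
</svg>
"""

# A benign control: a plain vector drawing with no links or scripts.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

# Link schemes that mean the image is carrying something other than a drawing.
FLAGGED_SCHEMES = {"http", "https", "ftp", "data", "javascript"}


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def analyze_svg(svg):
    """Walk every element and attribute of an SVG and collect lure indicators.

    Accepts str or bytes; an XML declaration in the text is handled by encoding
    to bytes before parsing. The stdlib parser does not resolve external
    entities, so a hostile SVG cannot make this function fetch anything.
    """
    data = svg.encode("utf-8") if isinstance(svg, str) else svg
    root = ET.fromstring(data)
    findings = {
        "links": [],           # href targets with a flagged scheme
        "scripts": 0,          # inline <script> elements
        "foreign_objects": 0,  # <foreignObject> (can embed HTML)
        "event_handlers": [],  # onload=, onclick=, ... attributes
    }
    for el in root.iter():
        name = _local(el.tag)
        if name == "script":
            findings["scripts"] += 1
        elif name == "foreignObject":
            findings["foreign_objects"] += 1
        for attr, value in el.attrib.items():
            aname = _local(attr)
            # Both plain href (SVG 2) and xlink:href (SVG 1.1) are link targets.
            if aname == "href":
                scheme = urlparse(value.strip()).scheme.lower()
                if scheme in FLAGGED_SCHEMES:
                    findings["links"].append(value.strip())
            elif aname.lower().startswith("on"):
                findings["event_handlers"].append(aname)
    return findings


def is_suspicious(findings):
    """True when the SVG carries anything beyond static drawing content."""
    return bool(
        findings["links"]
        or findings["scripts"]
        or findings["foreign_objects"]
        or findings["event_handlers"]
    )


if __name__ == "__main__":
    for label, doc in (("lure", SAMPLE_SVG), ("benign", BENIGN_SVG)):
        result = analyze_svg(doc)
        print(label, "suspicious" if is_suspicious(result) else "clean", result)
```

The checks are deliberately structural rather than string-based so that whitespace, attribute order or entity encoding inside the file does not evade them; a YARA rule written for the same campaign would typically pair a content match on the lure wording with a match on the `xlink:href` or `<script` token.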