Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)

July 10, 2024, 9:29 a.m.

Description

Check Point Research discovered threat actors using novel techniques to execute malicious code on Windows systems by exploiting Internet Explorer's vulnerabilities. The attackers used specially crafted .url files that, when opened, would launch IE and visit attacker-controlled URLs. They also employed a trick to hide the .hta extension, so that victims executed malicious code disguised as a PDF file. This campaign has been active since January 2023, targeting various industries and utilizing multiple MITRE ATT&CK techniques.

Date

Published: July 10, 2024, 9:24 a.m.
Created: July 10, 2024, 9:24 a.m.
Modified: July 10, 2024, 9:29 a.m.

Indicators

Attack Patterns

T1608

T1064

T1203

T1057

T1204

T1566

T1059

CVE-2024-38112

CVE-2023-36025

CVE-2021-40444