Search & Spoof: Abuse of Windows Search to Redirect to Malware
June 11, 2024, 2 p.m.
Description
Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that abuses the Windows search functionality from within HTML code to deploy malware. The campaign begins with a suspicious email carrying an HTML attachment disguised as a routine document such as an invoice. Once opened, the HTML file uses standard web mechanisms, namely automatic page redirection and a clickable link, to invoke the Windows search protocol and trigger the search exploit. Through the search protocol, the attack retrieves malicious files disguised as legitimate documents from a remote server, which can ultimately lead to the execution of further malicious operations.
Date
Published: June 11, 2024, 1:36 p.m.
Created: June 11, 2024, 1:36 p.m.
Modified: June 11, 2024, 2 p.m.
Indicators
d136dcfc355885c502ff2c3be229791538541b748b6c07df3ced95f9a7eb2f30
tender-coding-bi-associate.trycloudflare.com
Attack Patterns
T1223
T1194
T1580
T1568
T1120
T1187
T1608
T1010
T1197
T1572
T1189
T1564
T1218
T1105
T1055
T1192
T1204
T1195
T1090
T1059