Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Search & Spoof: Abuse of Windows Search to Redirect to Malware

June 11, 2024, 2 p.m.

Description

Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that exploits the Windows search functionality embedded in HTML code to deploy malware. The campaign initiates with a suspicious email containing an HTML attachment masquerading as a routine document like an invoice. Once opened, the HTML file abuses standard web protocols to exploit Windows system functionalities, utilizing techniques such as automatic page redirection and clickable links to trigger a search exploit. By exploiting the search protocol, the attack retrieves malicious files disguised as legitimate documents from a remote server, ultimately leading to the potential execution of additional malicious operations.

Date

Published: June 11, 2024, 1:36 p.m.

Created: June 11, 2024, 1:36 p.m.

Modified: June 11, 2024, 2 p.m.

Indicators

d136dcfc355885c502ff2c3be229791538541b748b6c07df3ced95f9a7eb2f30

tender-coding-bi-associate.trycloudflare.com

Attack Patterns

T1223

T1194

T1580

T1568

T1120

T1187

T1608

T1010

T1197

T1572

T1189

T1564

T1218

T1105

T1055

T1192

T1204

T1195

T1090

T1059