Tag: lnk file

9 Attack Reports | 0 Vulnerabilities

Attack reports

APT Targets South Korea with Deceptive PDF Lures

The Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a mali…
obfuscation
apt
phishing
south korea
keylogging
lnk file
data exfiltration
cryptocurrency theft
snakekeylogger
2025-04-04
vba script
Published: April 4, 2025
Downloadable IOCs: 0

Silent Credit Card Thief Uncovered

A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persi…
persistence
lnk file
evasion techniques
browser extensions
obfuscated scripts
2025-04-04
credit card skimming
financial data theft
rolandskimmer
bulgaria
Published: April 4, 2025
Downloadable IOCs: 0

Christmas "Gift" Delivered Through SSH

A malicious file named "christmas_slab.pdf.lnk" was discovered, utilizing Windows' built-in SSH support to deliver malware. The LNK file executes ssh.exe to transfer and run a PE file from a remote server. The attack leverages the SSH/SCP protocol, taking advantage of its widespread availability on…
lnk file
ssh
2024-12-20
Published: December 20, 2024
Downloadable IOCs: 1

Threat Actor Targets Manufacturing Industry With Malware

A sophisticated cyberattack campaign targeting the manufacturing industry has been identified, utilizing a deceptive LNK file disguised as a PDF document. The attack leverages multiple Living-off-the-Land Binaries and Google Accelerated Mobile Pages to evade detection. The threat actor employs vari…
powershell
lumma stealer
dll sideloading
lnk file
process injection
manufacturing
code injection
2024-12-05
amadey bot
amp url
Published: December 5, 2024
Downloadable IOCs: 0

XWorm: Analyzing New Infection Tactics With Old Payload

A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
xworm
python
powershell
keylogging
lnk file
shellcode injection
multi-stage infection
2024-12-04
Published: December 4, 2024
Downloadable IOCs: 0

Attack On Maritime & Defense Manufacturing

The DONOT APT group has launched a campaign targeting Pakistan's manufacturing industry supporting maritime and defense sectors. The attack uses a malicious LNK file disguised as an RTF, which executes PowerShell commands to deliver a lure document and stager malware. The malware establishes persis…
apt
powershell
pakistan
persistence
encryption
defense
lnk file
maritime
2024-11-15
stager
manufacturing
Published: November 15, 2024
Downloadable IOCs: 0

Dissecting A Multi-Stage PowerShell Campaign Using Chisel

A sophisticated multi-stage PowerShell campaign has been identified, utilizing an LNK file to initiate a sequence of obfuscated scripts. The attack maintains persistence and stealth by connecting with a command-and-control server. It employs Chisel, a fast TCP/UDP tunneling tool, and a Netskope pro…
powershell
persistence
lateral movement
lnk file
multi-stage
command-and-control
2024-11-12
chisel
Published: November 12, 2024
Downloadable IOCs: 17

Unraveling the Sophisticated Attack Leveraging VS Code for Unauthorized Access

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…
apt
python
cyber espionage
lnk file
github
2024-10-01
remote tunnel
unauthorized access
vs code
scheduled task
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
malware
powershell
persistence
execution
malicious
python script
2024-06-24
lnk file
schtasks
json
microsoft teams
temp directory
http post
oyster main
Published: June 24, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports