LNK or Swim: Analysis & Simulation of Recent LNK Phishing

2024-06-17, Splunk
https://www.splunk.com/en_us/blog/security/lnk-phishing-analysis-simulation.html
#LNK

Contents

LNK (shortcut) files are a common starting point for many phishing campaigns. Threat actors abuse the unique properties of LNK files to deceive users and evade detection and prevention countermeasures, making them potent tools for compromising systems and networks.
In this blog, we'll provide an in-depth analysis of recent LNK phishing campaigns, examining the tactics, techniques, and procedures (TTPs) employed by threat actors. We'll also introduce tools and techniques for simulating these phishing campaigns, helping defenders test their defenses against malicious LNK usage.
Furthermore, we'll present a list of indicators of compromise (IOCs) associated with recent campaigns and discuss relevant Splunk detections for LNK files.
By the end of this post, you will:
Let's get started by understanding what LNK files are and how they can be abused for phishing.
First, let’s understand LNK files. A LNK (pronounced as "link") file is a type of shortcut file used in the Windows operating system (OS) to …

IoC
