otx.alienvault.com
13.32.121.87  Public Scan

URL: https://otx.alienvault.com/pulse/63cc33d43b1e4ebfb2e79e74
Submission: On January 23 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


FOLLOWING THE LNK METADATA TRAIL

   
 * Created 2 days ago by AlienVault
 * Public
 * TLP: White

A look at research carried out by Cisco Talos on Shell Link files and how they
can be used to identify and track cyber-attackers and their tactics in the
coming years, as well as how to track new campaigns.

References:
https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
https://github.com/Cisco-Talos/IOCs/blob/main/2023/01/following-the-lnk-metadata-trail.txt
Tags:
lnk, Qakbot, SharPersist, Meterpreter, phishing
Malware Families:
Qakbot, SharPersist, Meterpreter
Att&ck IDs:
T1027 - Obfuscated Files or Information, T1059 - Command and Scripting
Interpreter, T1134 - Access Token Manipulation, T1547 - Boot or Logon
Autostart Execution, T1561 - Disk Wipe, T1566 - Phishing

 * Indicators of Compromise (51)
 * Related Pulses (112)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

CVE (1), Other (1), IPv4 (2), FileHash-SHA256 (33), FileHash-SHA1 (6), FileHash-MD5 (7)

THREAT INFRASTRUCTURE

Germany (1), India (1)


 * © Copyright 2023 AlienVault, Inc.