all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Following the LNK metadata trail

Add to bookmarks
Jan. 19, 2023, 1 p.m. | Guilherme Venere

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

access bumblebee campaigns commodity malware download files gamaredon identify initial access lnk malicious malware malware research metadata qakbot securex talos threat threat actors threats threat spotlight tracking

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices 9 hours ago | blog.talosintelligence.com
apt campaign campaigns devices +15
Suspected CoralRaider continues to expand victimology using three information stealers 1 day, 13 hours ago | blog.talosintelligence.com
apt argument bypass command +17
What’s the deal with the massive backlog of vulnerabilities at the NVD? 5 days, 13 hours ago | blog.talosintelligence.com
backlog current deal management +10
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 6 days, 7 hours ago | blog.talosintelligence.com
account blocked court disinformation +8
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 1 week ago | blog.talosintelligence.com
cisco cisco talos code confidential +20
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 1 week, 1 day ago | blog.talosintelligence.com
attacks brute brute-force cisco +24
The internet is already scary enough without April Fool’s jokes 1 week, 6 days ago | blog.talosintelligence.com
april backdoor community internet +7
Vulnerability in some TP-Link routers could lead to factory reset 2 weeks ago | blog.talosintelligence.com
amd directx driver factory +10
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution 2 weeks, 1 day ago | blog.talosintelligence.com
april code code execution critical +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs