ioc[.]one - OSINT Cyber Threat Intelligence Database

Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter Compromise Infrastructure Process Injection Scheduled Task/Job
maec-delivery-vectors:	Watering Hole
attack-pattern:	Command And Scripting Interpreter - T1623 Compromise Infrastructure - T1584 Domains - T1583.001 Domains - T1584.001 Hidden Window - T1564.003 Hide Artifacts - T1628 Hide Artifacts - T1564 Javascript - T1059.007 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Regsvr32 - T1218.010 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Virtualization/Sandbox Evasion - T1497 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Hidden Window - T1143 Powershell - T1086 Process Injection - T1055 Regsvr32 - T1117 Scheduled Task - T1053 Signed Binary Proxy Execution - T1218 System Information Discovery - T1082 User Execution - T1204 User Execution

Show in Graph

Common Information

Type	Value
UUID	402264af-dba5-4703-8a30-5e605dad277e
Fingerprint	b445998aa1b4cf89
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 11, 2023, midnight
Added to db	Oct. 24, 2023, 1:16 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	Blogs
Title	Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler
Detected Hints/Tags/Attributes	87/3/13

Source URLs

	Redirection	Url
Details	Source	https://www.trellix.com/about/newsroom/stories/research/beyond-file-search-a-novel-method/

URL Provider

Details	Provider	Source level domain
Details	trellix.com	www.trellix.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	2		dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
Details	Domain	2		internetshortcuts.link
Details	Domain	2		agent.je
Details	Domain	18		generic.mg
Details	File	20		page.html
Details	File	459		regsvr32.exe
Details	File	1209		powershell.exe
Details	File	2		over.ps1
Details	File	17		malware.bin
Details	File	10		ary.exe
Details	File	3		ary.vbs
Details	Windows Registry Key	2		HKEY_CLASSES_ROOT\search
Details	Windows Registry Key	2		HKEY_CLASSES_ROOT\search-ms