Red Teaming 101: Using LNK Files for Initial Access. (Part 1)
Common Information

| Type | Value |
|---|---|
| UUID | 6d609a50-4381-449d-b2a8-73ccf0ccf07a |
| Fingerprint | dd3320999a7ffab |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Oct. 4, 2024, 11:02 a.m. |
| Added to db | Oct. 4, 2024, 1:08 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Red Teaming 101: Using LNK Files for Initial Access. (Part 1) |
| Title | Red Teaming 101: Using LNK Files for Initial Access. (Part 1) |
| Detected Hints/Tags/Attributes | 29/1/13 |

RSS Feed

| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 168 | | Infosec on Medium | https://medium.com/feed/tag/infosec | 2024-08-30 22:08 |

Attributes

| Type | #Events | CTI Value | Attribute |
|---|---|---|---|
| Domain | 372 | | wscript.shell |
| Domain | 13 | | shortcut.save |
| File | 1 | | c:\users\public\desktop\image.gif |
| File | 1208 | | powershell.exe |
| File | 13 | | shortcut.tar |
| File | 2 | | rev-shell.exe |
| File | 1 | | %temp%\shell.exe |
| File | 3 | | image.gif |
| File | 33 | | shell.exe |
| File | 7 | | shortcut.ico |
| File | 1 | | %windir%\system32\mspaint.exe |
| Url | 1 | | http://localhost/rev-shell.exe |
| Url | 1 | | http://localhost/image.gif |