ioc[.]one - OSINT Cyber Threat Intelligence Database

Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter Compromise Infrastructure Process Injection Scheduled Task/Job
country:	China
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Command And Scripting Interpreter - T1623 Compromise Infrastructure - T1584 Domains - T1583.001 Domains - T1584.001 Hidden Window - T1564.003 Hide Artifacts - T1628 Hide Artifacts - T1564 Javascript - T1059.007 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Regsvr32 - T1218.010 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Virtualization/Sandbox Evasion - T1497 Virtualization/Sandbox Evasion - T1633 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Hidden Window - T1143 Powershell - T1086 Process Injection - T1055 Regsvr32 - T1117 Scheduled Task - T1053 Signed Binary Proxy Execution - T1218 System Information Discovery - T1082 User Execution - T1204 User Execution

Show in Graph

Common Information

Type	Value
UUID	72e9f97c-d204-4b5d-870c-24117ee7d6f6
Fingerprint	b445998aa9b4cf09
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 12, 2023, midnight
Added to db	July 28, 2023, 2:42 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler
Title	Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler
Detected Hints/Tags/Attributes	85/4/13

Source URLs

	Redirection	Url
Details	Source	https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
Details	Source	https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html?&web_view=true

URL Provider

Details	Provider	Source level domain
Details	trellix.com	www.trellix.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	2		dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
Details	Domain	2		internetshortcuts.link
Details	Domain	2		agent.je
Details	Domain	18		generic.mg
Details	File	20		page.html
Details	File	459		regsvr32.exe
Details	File	1209		powershell.exe
Details	File	2		over.ps1
Details	File	17		malware.bin
Details	File	10		ary.exe
Details	File	3		ary.vbs
Details	Windows Registry Key	2		HKEY_CLASSES_ROOT\search
Details	Windows Registry Key	2		HKEY_CLASSES_ROOT\search-ms