The new .LNK between spam and Locky infection - Microsoft Security Blog
Tags
country: Russia
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID f74a4cd6-b4f5-47b3-8b17-bdf65e66a1f1
Fingerprint 8cd338fb2e36c64d
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 19, 2016, 10:28 a.m.
Added to db Jan. 18, 2023, 9:18 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline The new .LNK between spam and Locky infection
Title The new .LNK between spam and Locky infection - Microsoft Security Blog
Detected Hints/Tags/Attributes 47/2/14
Source URLs
Redirection Url
Details Source https://cloudblogs.microsoft.com/microsoftsecure/2016/10/19/the-new-lnk-between-spam-and-locky-infection/
URL Provider
Details Provider Source level domain
Details microsoft.com cloudblogs.microsoft.com
Attributes
Details Type #Events CTI Value
Details Domain 397 
www.microsoft.com
Details Domain 212 
technet.microsoft.com
Details File 1 
bjynzr.exe
Details File 1 
_440_howdo_text.html
Details File 1 
_howdo_text.bmp
Details File 2 
_howdo_text.html
Details File 2 
apache_handler.php
Details File 2 
submit.aspx
Details sha1 1 
3dcf2f116af0a548e88022baa1f41f61f362ae39
Details sha1 1 
c1ee00884c0f872767992d5348e4de576935d8da
Details IPv4 1 
93.170.104.126
Details IPv4 1 
185.46.11.73
Details Url 2 
https://www.microsoft.com/en-us/security/portal/submission/submit.aspx
Details Url 1 
https://technet.microsoft.com/en-us/itpro/windows/whats-new/security