LNK Shortcut

Adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut (LNK) files in campaigns

Refs

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-of-lnk-shortcut-files-malware/
https://www.socinvestigation.com/hackers-opted-for-new-techniques-after-microsoft-disables-excel-4-0-macros/
https://www.trendmicro.com/en_vn/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html

Why is LNK Shortcut now trendy

Because Macro is now disabled by default (thank god for that MS), many blogs and news now talk about the major shift for the Adversaries but the LNK shortcut has been used for such a long time.

Tool to extract the URL or the command line

How to determine whether the user has clicked on the LNK

Prefetch, AmCache, ShimCache in Windows

PreviousThe Mark of The Web (MOTW)NextPrefetch, AmCache, ShimCache in Windows

Last updated 2 years ago

Was this helpful?