VenomLNK

Description

(QuoINT) We have observed a Windows Shortcut file dubbed as VenomLNK used in various campaigns involving different infection chains. We hypothesize this is a new variation of a previously highlighted malicious document kit builder known as VenomKit, a building-kit tool that threat actors use to craft malicious Rich Text File (RTF) documents that exploit multiple vulnerabilities. Successful exploitation of those vulnerabilities leads to the delivery of batch and scriptlet files on a system and execution to download the second stage payload from a Web resource.

Names

Name
VenomLNK

Type

Loader

Information

https://quointelligence.eu/2020/01/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors/
https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.venom_lnk

Other Information

Uuid

9a5487b5-7aeb-4cfa-8756-3354a0130f02

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

VenomLNK

VenomLNK

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks