Christmas "Gift" Delivered Through SSH
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A malicious file named "christmas_slab.pdf.lnk" was discovered, utilizing Windows' built-in SSH support to deliver malware. The LNK file executes ssh.exe to transfer and run a PE file from a remote server. The attack leverages the SSH/SCP protocol, taking advantage of its widespread availability on modern Windows systems. The malicious payload is downloaded from an IP address belonging to Apple's range, raising suspicions. The LNK file's command line arguments reveal the attacker's intent to bypass host key checking and execute the downloaded malware. This technique demonstrates how threat actors are adapting to use legitimate system tools for malicious purposes.
OPENCTI LABELS :
lnk file,ssh
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Christmas "Gift" Delivered Through SSH