LetsDefend Monitoring Alert

ZDI-CAN-25373 Windows Shortcut Exploit Detected

Mar 20, 2025, 01:48 PM

Event ID: 317

Event Time: Mar 20, 2025, 01:48 PM

Rule Name: SOC339 - ZDI-CAN-25373 Windows Shortcut Exploit Detected

Alert Type: Malware

MITRE Technique:
T1566 - Initial Access - Phishing,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1204 - Execution - User Execution,
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1105 - Command and Control - Ingress Tool Transfer,
T1136 - Persistence - Create Account,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1036 - Defense Evasion - Masquerading,
T1136.001 - Persistence - Create Account: Local Account,
T1036.005 - Defense Evasion - Masquerading: Match Legitimate Name or Location

Severity: High
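Added triage example for this alert; it is not part of the LetsDefend alert card or of the SOC339 detection rule. The rule name references ZDI-CAN-25373, the Windows shell-link (.lnk) UI-misrepresentation issue in which the shortcut's COMMAND_LINE_ARGUMENTS string is padded with whitespace (space, tab, line feed, vertical tab, form feed, carriage return) so that the real arguments fall outside what the Properties dialog shows; the alert itself does not describe that mechanism. The script below parses the shell-link header per the public [MS-SHLLINK] layout, skips the optional LinkTargetIDList and LinkInfo structures, reads the StringData fields, and flags long whitespace runs or control characters in the arguments, which is the check an analyst wants before calling the T1204.002 attachment malicious. The builder, both sample shortcuts, the function names and the run-length threshold of 32 are assumptions made for this example.

```python
"""Triage helper for the SOC339 / ZDI-CAN-25373 alert (added example, not LetsDefend's
rule).  Parses a Windows Shell Link (.lnk) per the public [MS-SHLLINK] layout and flags
whitespace padding in COMMAND_LINE_ARGUMENTS, the trick ZDI-CAN-25373 uses to keep the
real arguments out of the shortcut's Properties dialog.  Samples are constructed inline."""
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-0046} LE
# LinkFlags bits that change the file layout (low byte only)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 1 << 0, 1 << 1, 1 << 2
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 1 << 3, 1 << 4, 1 << 5
HAS_ICON_LOCATION, IS_UNICODE = 1 << 6, 1 << 7
# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR,
                 "working_dir"), (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location"))
PADDING_CHARS = "\x20\x09\x0a\x0b\x0c\x0d"  # space, HT, LF, VT, FF, CR
MAX_PADDING_RUN = 32  # assumed heuristic; no legitimate shortcut needs a longer run


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags and the StringData fields; ValueError if not a shell link."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("file too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("ShellLinkHeader size or CLSID mismatch")
    offset, fields = LNK_HEADER_SIZE, {"flags": flags}
    try:
        if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize excludes its own 2 bytes
            offset += 2 + struct.unpack_from("<H", data, offset)[0]
        if flags & HAS_LINK_INFO:            # LinkInfoSize covers the whole block
            offset += struct.unpack_from("<I", data, offset)[0]
        width = 2 if flags & IS_UNICODE else 1
        for flag, name in STRING_FIELDS:
            if not flags & flag:
                continue
            count = struct.unpack_from("<H", data, offset)[0]  # CountCharacters
            raw = data[offset + 2:offset + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError(f"truncated {name} string")
            offset += 2 + count * width
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    except struct.error:
        raise ValueError("structure extends past end of file")
    return fields


def longest_padding_run(text: str) -> int:
    longest = run = 0
    for ch in text:
        run = run + 1 if ch in PADDING_CHARS else 0
        longest = max(longest, run)
    return longest


def triage_lnk(data: bytes, max_run: int = MAX_PADDING_RUN) -> dict:
    """Flag a shortcut whose arguments are padded the way ZDI-CAN-25373 does."""
    lnk = parse_lnk(data)
    args = lnk.get("arguments", "")
    run = longest_padding_run(args)
    controls = sorted({f"0x{ord(c):02x}" for c in args if c in PADDING_CHARS[1:]})
    reasons = []
    if run > max_run:
        reasons.append(f"{run} consecutive whitespace characters in arguments")
    if controls:
        reasons.append("control characters in arguments: " + ", ".join(controls))
    return {"target": lnk.get("relative_path"), "longest_padding_run": run,
            "effective_arguments": args.strip(PADDING_CHARS),  # what really executes
            "control_chars": controls, "suspicious": bool(reasons), "reasons": reasons}


def build_lnk(relative_path: str, arguments: str, working_dir=None, unicode=True) -> bytes:
    """Assemble a minimal shell link (constructed test input, not a real sample)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    if working_dir is not None:
        flags |= HAS_WORKING_DIR
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    header += struct.pack("<IQQQIII", 0, 0, 0, 0, 0, 0, 1)  # attrs, 3 FILETIMEs, size, icon, SW_SHOWNORMAL
    header += struct.pack("<HHII", 0, 0, 0, 0)              # HotKey, Reserved1-3

    def string_data(s: str) -> bytes:  # CountCharacters + unterminated string
        return struct.pack("<H", len(s)) + s.encode("utf-16-le" if unicode else "cp1252")

    body = string_data(relative_path)
    if working_dir is not None:
        body += string_data(working_dir)
    return header + body + string_data(arguments) + struct.pack("<I", 0)  # TerminalBlock


POWERSHELL = "..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed samples: an ordinary notepad shortcut, and a ZDI-CAN-25373-style one whose
# arguments sit behind 200 spaces plus a line feed and a carriage return.
SAMPLE_BENIGN = build_lnk("..\\..\\Windows\\System32\\notepad.exe", "C:\\notes\\todo.txt")
SAMPLE_PADDED = build_lnk(POWERSHELL, " " * 200 + "\x0a\x0d-nop -w hidden -c Write-Host sample",
                          working_dir="C:\\Users\\Public")

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("padded", SAMPLE_PADDED)):
        print(label, triage_lnk(blob))
```

Run it against the quarantined attachment with `triage_lnk(open(path, "rb").read())`; the `effective_arguments` value is what the shell would actually pass to the target once the padding is discarded, so it is the string to pivot on in the PowerShell (T1059.001) telemetry. Any control character in the arguments is a finding on its own, since no shortcut produced by Explorer contains one.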

Incident Responder

2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166