ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool VenomLNK

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: VenomLNK

NamesVenomLNK
CategoryExploits
TypeLoader
Description(QuoINT) We have observed a Windows Shortcut file dubbed as VenomLNK used in various campaigns involving different infection chains. We hypothesize this is a new variation of a previously highlighted malicious document kit builder known as VenomKit, a building-kit tool that threat actors use to craft malicious Rich Text File (RTF) documents that exploit multiple vulnerabilities. Successful exploitation of those vulnerabilities leads to the delivery of batch and scriptlet files on a system and execution to download the second stage payload from a Web resource.
Information<https://quointelligence.eu/2020/01/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors/>
<https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.venom_lnk>

Last change to this tool card: 24 April 2021

Download this tool card in JSON format

All groups using tool VenomLNK

ChangedNameCountryObserved

APT groups

 Venom Spider, Golden ChickensRussia2017-Feb 2019 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key