Hiding HTML Smugglers In Your Inbox
Threat actors utilize HTML Smuggling techniques in recent campaigns to deliver Qakbot, XWorm, Cobalt Strike and IcedID.
Initially, a spear-phishing email is sent to the target with an HTML attachment. Once opened, the HTML file may directly drop an archive file containing a malicious LNK file onto the victim machine, or present a file impersonating well-known vendors such as Adobe, Google or Dropbox.
The victim is then coerced into executing the archive, or into saving and executing a malicious file in the form of an .ISO, .IMG or .VHD image file.
In either scenario, the file contains an LNK file that executes commands to load a decoy file and uses the native binary rundll32 to load the malware payload.
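The defensive counterpart to the delivery chain above is triage of the HTML attachment itself: a smuggled archive has to be embedded in the file (typically as a long base64 string) and reassembled by client-side JavaScript, so both the embedded container and the browser APIs used to hand it to the user are visible to a mail gateway or an analyst before anything is executed. The following Python script is an added example written for this post; it is not the authors' tooling. It scans an HTML attachment for long base64 blobs, decodes them, checks the decoded bytes for the magic values of ZIP, RAR, 7z and ISO 9660 containers (the signature table and the indicator list are assumptions chosen for illustration), and combines that with the presence of download-related JavaScript calls into a verdict. The two sample attachments at the bottom are constructed, not real campaign samples, and the "smuggling" one is deliberately incomplete.

```python
import base64
import re
from dataclasses import dataclass, field

# Magic bytes of container formats checked at offset 0 of each decoded blob.
# The post names ZIP-style archives and ISO/IMG/VHD images; RAR and 7z are added
# here as an assumption because they appear in the same role in other campaigns.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
ISO_SIGNATURE = b"CD001"      # ISO 9660 primary volume descriptor, at offset 0x8001
ISO_SIGNATURE_OFFSET = 0x8001

# Browser-side calls commonly involved in turning an in-page string into a file
# download (assumed indicator list; tune for your environment).
JS_INDICATORS = [
    "atob(",
    "new Blob(",
    "URL.createObjectURL(",
    "msSaveOrOpenBlob(",
    ".download",
    "fromCharCode(",
]

# Base64 runs of at least 200 characters; shorter runs are almost always inline
# icons or fonts and are ignored to keep the noise down.
B64_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


@dataclass
class Finding:
    indicators: list = field(default_factory=list)   # JS indicators present
    blobs: list = field(default_factory=list)        # (decoded length, type)


def classify_bytes(data: bytes) -> str:
    """Return the container type of a decoded blob, or 'unknown'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    end = ISO_SIGNATURE_OFFSET + len(ISO_SIGNATURE)
    if len(data) >= end and data[ISO_SIGNATURE_OFFSET:end] == ISO_SIGNATURE:
        return "iso"
    return "unknown"


def scan_html(html: str) -> Finding:
    """Collect JS download indicators and decode every long base64 run."""
    finding = Finding()
    for indicator in JS_INDICATORS:
        if indicator in html:
            finding.indicators.append(indicator)
    for match in B64_RE.finditer(html):
        chunk = match.group(0)
        chunk += "=" * (-len(chunk) % 4)             # restore stripped padding
        try:
            data = base64.b64decode(chunk, validate=True)
        except ValueError:                            # binascii.Error subclasses this
            continue
        finding.blobs.append((len(data), classify_bytes(data)))
    return finding


def verdict(finding: Finding) -> str:
    """An embedded container plus code that materialises it is the strongest signal."""
    containers = [kind for _, kind in finding.blobs if kind != "unknown"]
    materialise = {"atob(", "new Blob(", "msSaveOrOpenBlob(", "URL.createObjectURL("}
    if containers and materialise & set(finding.indicators):
        return "likely-smuggling"
    if containers or len(finding.indicators) >= 3:
        return "suspicious"
    return "benign"


# --- constructed samples (not real campaign files) -------------------------
_ZIP_LIKE = base64.b64encode(b"PK\x03\x04" + b"\x00" * 300).decode()
SAMPLE_SMUGGLED = (
    "<html><body><p>Your document is being prepared...</p>\n<script>\n"
    "// constructed, intentionally incomplete sample: an embedded archive is decoded\n"
    "// client-side; the anchor/download wiring is omitted on purpose\n"
    'var bin = atob("' + _ZIP_LIKE + '");\n'
    "var blob = new Blob([bin]);\n"
    "</script></body></html>"
)

_PNG_LIKE = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 300).decode()
SAMPLE_BENIGN = (
    '<html><body><img src="data:image/png;base64,' + _PNG_LIKE + '"></body></html>'
)

if __name__ == "__main__":
    for name, sample in (("smuggled", SAMPLE_SMUGGLED), ("benign", SAMPLE_BENIGN)):
        result = scan_html(sample)
        print(name, verdict(result), result.indicators, result.blobs)
```

A long base64 string on its own is not a signal (the benign sample carries an inline PNG of the same size and is rated benign); the verdict only escalates when the decoded bytes look like one of the containers the chain above relies on and the page also contains code to hand that blob to the user. For mail-gateway use, the same scan can be run on the decoded attachment body, and a "likely-smuggling" verdict is a reasonable trigger for quarantining the message and extracting the blob for sandboxing of the LNK inside.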