Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
7 Days |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
An attacker may embed a .LNK file in an Office document to execute malicious code.
Attacker's Goals
Modify or create a shortcut to gain code or program execution.
Investigative actions
- Check if the Office document contains a shortcut object.
- Check the content (strings) of the document object for a .LNK shortcut.
- Check the content of the shortcut.