win.venom_lnk

VenomLNK


VenomLNK is the initial phase of the more_eggs malware-as-a-service. It is a poisoned .lnk file that depends on User Execution and points to LOLBINs (often cmd.exe) with additional obfuscated scripting options. This typically initiates WMI abuse and TerraLoader, which can load additional functionality through various plugins.

References
2023-01-24 | eSentire | Joe Stewart, Keegan Keplinger
@online{stewart:20230124:unmasking:c26cfce,
  author = {Joe Stewart and Keegan Keplinger},
  title = {{Unmasking Venom Spider}},
  date = {2023-01-24},
  organization = {eSentire},
  url = {https://www.esentire.com/web-native-pages/unmasking-venom-spider},
  language = {English},
  urldate = {2023-01-25}
}
More_eggs TerraPreter TerraLoader VenomLNK
2022-04-21 | eSentire | eSentire Threat Response Unit (TRU)
@online{tru:20220421:hackers:e10086f,
  author = {eSentire Threat Response Unit (TRU)},
  title = {{Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire}},
  date = {2022-04-21},
  organization = {eSentire},
  url = {https://www.esentire.com/blog/hackers-spearphish-corporate-hiring-managers-with-poisoned-resumes-infecting-them-with-the-more-eggs-malware},
  language = {English},
  urldate = {2023-01-25}
}
More_eggs TerraLoader VenomLNK
2021-04-05 | eSentire | eSentire
@online{esentire:20210405:hackers:d45f86f,
  author = {eSentire},
  title = {{Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire}},
  date = {2021-04-05},
  organization = {eSentire},
  url = {https://www.esentire.com/security-advisories/hackers-spearphish-professionals-on-linkedin-with-fake-job-offers-infecting-them-with-malware-warns-esentire},
  language = {English},
  urldate = {2023-01-25}
}
More_eggs TerraPreter TerraLoader VenomLNK
2020-07-20 | QuoIntelligence
@online{quointelligence:20200720:golden:4a88a80,
  author = {QuoIntelligence},
  title = {{Golden Chickens: Evolution of the MaaS}},
  date = {2020-07-20},
  url = {https://quointelligence.eu/2020/07/golden-chickens-evolution-of-the-maas/},
  language = {English},
  urldate = {2020-07-23}
}
More_eggs TerraLoader TerraStealer VenomLNK
2020-01-27 | QuoScient | QuoScient
@online{quoscient:20200127:chicken:3252d47,
  author = {QuoScient},
  title = {{The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors}},
  date = {2020-01-27},
  organization = {QuoScient},
  url = {https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9},
  language = {English},
  urldate = {2020-01-28}
}
TerraRecon TerraStealer TerraTV VenomLNK

There is no Yara-Signature yet.