Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/wdormann/statuses/113040022683976674">Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 12-Sep-2024 01:47:44 JST</a><a href="https://infosec.exchange/@wdormann" title="wdormann@infosec.exchange"><img src="https://gnusocial.jp/avatar/232810-48-20240116185707.webp" width="48" height="48" alt="Will Dormann" style="position: absolute; left: 0; top: 0;">Will Dormann</a><div><a href="https://infosec.exchange/@wdormann/113039953251765897" rel="in-reply-to">in reply to</a></div></section><article><p>I already have a good number of LNK files that have exploited this to-be-CVE'd vulnerability over the years.</p><p>A precise search for one of the three variants seems to be to look for ExifTool metadata where the TargetFileDOSName value has slashes in it.</p><p>However, while VirusTotal obviously captures and stores this data, it doesn't seem to be possible to construct a search that looks for anything there?  🤔</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3651109#notice-7154423">In conversation</a><time datetime="2024-09-12T01:47:44+09:00" title="Thursday, 12-Sep-2024 01:47:44 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@wdormann/113040022683976674" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@wdormann/113040022683976674">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3155210">Untitled attachment</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/040/020/917/284/801/original/a0f40c4d6ea95150.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/040/020/917/284/801/original/a0f40c4d6ea95150.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 12-Sep-2024 01:47:44 JST Will Dormann
in reply to
I already have a good number of LNK files that have exploited this to-be-CVE'd vulnerability over the years.
A precise search for one of the three variants seems to be to look for ExifTool metadata where the TargetFileDOSName value has slashes in it.
However, while VirusTotal obviously captures and stores this data, it doesn't seem to be possible to construct a search that looks for anything there? 🤔
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/040/020/917/284/801/original/a0f40c4d6ea95150.png

Public

Embed Notice

HTML Code

Corresponding Notice