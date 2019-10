First, the background

The attack on Pakistan used the target collision hijacking method of the new LNK file path to deliver false shortcut files by mail or other means, pretending to be the Indian and Chinese leaders issued by the Pakistan Naval Public Relations Bureau. The press release of the talks induced the victim to click. Once the user accesses the link contained in the shortcut attribute, the malware is downloaded and all the file information in the computer is stolen.

Second, the attack event

The attack targeted Pakistan, where the attacker disguised the bait document as a press release issued by the Pakistan Navy Public Relations Bureau. The press release recorded the points discussed by Indian Prime Minister Modi and Chinese President Xi Jinping.

Third, technical analysis

3.1 Analysis of malicious LNK files

3.2 Sample analysis: 692cd02.hta

3.3 Sample Analysis: LinkZip.dll