Malicious Link
An adversary may rely upon a user clicking a malicious link in order to gain execution. Users may be subjected to social engineering to get them to click on a link that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Link. Clicking on a link may also lead to other execution techniques such as exploitation of a browser or application vulnerability via Exploitation for Client Execution. Links may also lead users to download files that require execution via Malicious File.
Detection logic
Inspect network traffic for indications that a user visited a malicious site, such as links included in phishing campaigns directed at your organization. Anti-virus can potentially detect malicious documents and files that are downloaded from a link and executed on the user's computer.
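One way to apply the network-traffic check above, as an added example that is not part of the original page: match hosts from links in reported phishing mail against web proxy logs, then rank each user by the worst outcome seen. The log format, hostnames, users and MIME-type list are constructed for illustration, and treating HTTP 403 as a proxy block is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: hosts taken from links in reported phishing mail.
PHISH_LINK_HOSTS = {"login-portal.example.net", "files.example.org"}

# Constructed proxy log (hypothetical format):
# timestamp user method url status content_type
PROXY_LOG = """\
2024-05-01T09:14:02Z alice GET https://intranet.example.com/home 200 text/html
2024-05-01T09:15:40Z bob GET https://login-portal.example.net/sso?id=7 200 text/html
2024-05-01T09:15:52Z bob GET https://files.example.org/invoice.iso 200 application/octet-stream
2024-05-01T09:20:11Z carol GET https://LOGIN-PORTAL.example.net./reset 403 text/html
malformed line that should be skipped
"""

# Content types that suggest the click led to a file download (assumed list).
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload", "application/zip"}

def normalize_host(url):
    """Lower-case the host and drop a trailing dot so variants compare equal."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def find_link_clicks(log_text, phish_hosts):
    """Return one record per proxy request whose host appears in phish_hosts."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the expected format
        ts, user, _method, url, status, ctype = parts
        if normalize_host(url) not in phish_hosts:
            continue
        if status == "403":          # assumption: 403 means the proxy blocked it
            outcome = "blocked"
        elif status == "200" and ctype in RISKY_TYPES:
            outcome = "download"     # follow-on Malicious File candidate
        else:
            outcome = "visited"
        hits.append({"time": ts, "user": user, "url": url, "outcome": outcome})
    return hits

def triage(hits):
    """Map each user to the most severe outcome observed for that user."""
    rank = {"blocked": 0, "visited": 1, "download": 2}
    worst = {}
    for h in hits:
        if rank[h["outcome"]] > rank.get(worst.get(h["user"]), -1):
            worst[h["user"]] = h["outcome"]
    return worst

if __name__ == "__main__":
    for user, outcome in triage(find_link_clicks(PROXY_LOG, PHISH_LINK_HOSTS)).items():
        print(user, outcome)
```

Users ranked `download` are the ones to check first for endpoint evidence of the downloaded file being executed.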
Observed actors
G0066
APT3 G0022
Mustard Tempest G1020
Kimsuky G0094
EXOTIC LILY G1011
TA577 G1037
Patchwork G0040
Evilnum G0120
APT32 G0050
MuddyWater G0069
Gamaredon Group G0047
FIN7 G0046
Sandworm Team G0034
Machete G0095
Sidewinder G0121
Mustang Panda G0129
ZIRCONIUM G0128
APT39 G0087
TA2541 G1018
OilRig G0049
Saint Bear G1031
Confucius G0142
BlackTech G0098
Leviathan G0065
Winter Vivern G1035
Turla G0010
TA505 G0092
RedCurl G1039
Mofang G0103
APT29 G0016
TA578 G1038
Ember Bear G1003
LazyScripter G0140
Windshift G0112
LuminousMoth G1014
APT28 G0007
Lazarus Group G0032
Earth Lusca G1006
FIN4 G0085
Cobalt Group G0080
Wizard Spider G0102
Molerats G0021
Transparent Tribe G0134
Daggerfly G1034
Magic Hound G0059
APT33 G0064
FIN8 G0061