Can You Spot the Trick? WebDAV + URL + LNK: A Client-Side Exploitation Recipe for Disaster

Ethical Empire

Offensive View:

Properties of the created LNK file 
URL file linking to the tag 
LNK file download logs from WebDAV server

Defensive View:

Visualization of the execution chain 
Contents of the URL of the file the user is executing, viewed in ANY.RUN sandbox 
Yara Hunting Rule
Suricata Rule for Detection
Blocking URL Detection
Suricata Rules