.. /.Appref-ms

Executable

Phishing

Double Click

Contributors:

mr.d0x

Description:

APPREF-MS or Application reference files are similar to APPLICATION files that utilize Microsoft's ClickOnce technology. They can be used to download malware from a remote web server.

OS:

Windows

Recommendation:

Block the execution from unknown publishers or fully block the download and execution of APPREF-MS files.

Resources:

https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended.pdf

.. /.Appref-ms

Contributors:

Description:

OS:

Recommendation:

Resources:

File Samples: