.. /.Jnlp

Phishing
Double Click
Executable
External

Author:

mr.d0x

Description:

JNLP or Java Network Launching Protocol is a XML formatted file that is used to launch Java programs over the network or internet. Java Runtime Environment (JRE) is required to run JNLP files. JNLP files can be used to download and execute remote malicious JAR files.

OS:

Windows
Mac
Linux

Recommendation:

If feasible, block the download and execution of JNLP files and only give specific users the ability to use them. Otherwise monitor outgoing connections made by JNLP files. JNLP files should not be accepted as email attachments and should be blocked at the email gateway.

Resources:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trickbot-disguised-as-covid-19-map/

File Samples:

https://www.virustotal.com/gui/file/541313dcce5d30e81078427152fd69d91ead152670d8c633116c05dc70cbd353/detection
https://www.joesandbox.com/analysis/361228/0/html

Contributions: