Description
An adversary may rely upon a user clicking a malicious link in order to gain execution. Users may be subjected to social engineering to get them to click on a link that will lead to code execution. This user action will typically be observed as follow-on behavior from [Spearphishing Link](https://attack.mitre.org/techniques/T1566/002). Clicking on a link may also lead to other execution techniques such as exploitation of a browser or application vulnerability via [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). Links may also lead users to download files that require execution via [Malicious File](https://attack.mitre.org/techniques/T1204/002).
Threat-Mapped Scoring
Threat Score: 1.8
Threat Priority: P4 - Informational (Low)
ATT&CK Kill Chain Metadata
- Tactics: execution
- Platforms: Linux, macOS, Windows
Detection Guidance:
Inspect network traffic for indications that a user visited a malicious site, such as links included in phishing campaigns directed at your organization. Anti-virus can potentially detect malicious documents and files that are downloaded from a link and executed on the user's computer.
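One way to apply the network-traffic guidance above, as an added example that is not part of the original entry: match the hosts of links taken from reported phishing mail against web proxy logs, and flag follow-on file downloads from the same host. The log layout, sample URLs, user names and the `application/*` download heuristic are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: links taken from phishing mail reported to the SOC.
CAMPAIGN_URLS = [
    "http://invoice-portal.example/view?id=4471",
    "https://docs-share.example/d/Q3-report",
]

# Constructed proxy log (assumed layout): time user method url status content-type
PROXY_LOG = """\
2024-05-02T09:14:03Z alice GET https://intranet.example.org/home 200 text/html
2024-05-02T09:15:40Z bob GET http://INVOICE-PORTAL.example:80/view?id=4471 200 text/html
2024-05-02T09:15:44Z bob GET http://invoice-portal.example/files/invoice.iso 200 application/octet-stream
2024-05-02T09:20:11Z carol GET https://docs-share.example.org/d/Q3-report 200 text/html
2024-05-02T09:31:27Z dave GET https://docs-share.example/d/Q3-report 403 text/html
"""

def host_of(url):
    """Return the lower-cased hostname without port or trailing dot, or None."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None

def find_clicks(log_text, campaign_urls):
    """Return proxy events whose host exactly matches a campaign link host."""
    bad_hosts = {host_of(u) for u in campaign_urls} - {None}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[4].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, user, _method, url, status, ctype = fields
        if host_of(url) not in bad_hosts:
            continue  # exact match only: "docs-share.example.org" is another site
        hits.append({
            "time": ts, "user": user, "url": url,
            "blocked": int(status) >= 400,                 # proxy denied the request
            "download": ctype.startswith("application/"),  # heuristic (assumption)
        })
    return hits

if __name__ == "__main__":
    for hit in find_clicks(PROXY_LOG, CAMPAIGN_URLS):
        print(hit)
```

Events with `download` set are the ones to correlate with anti-virus and endpoint telemetry for the same user and time window.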
Malware
APTs (Intrusion Sets)
- APT28
- APT29
- APT3
- APT32
- APT33
- APT38
- APT39
- BlackTech
- Cobalt Group
- Confucius
- Daggerfly
- EXOTIC LILY
- Earth Lusca
- Elderwood
- Evilnum
- FIN4
- FIN7
- FIN8
- Gamaredon Group
- Kimsuky
- LazyScripter
- Leviathan
- LuminousMoth
- Machete
- Magic Hound
- Mofang
- Molerats
- MuddyWater
- Mustang Panda
- Mustard Tempest
- OilRig
- Patchwork
- RedCurl
- Saint Bear
- Sandworm Team
- Sidewinder
- TA2541
- TA505
- TA577
- TA578
- Transparent Tribe
- Turla
- Windshift
- Winter Vivern
- Wizard Spider
- ZIRCONIUM