Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files

xfce_desktop_window” (behavior_processes:” ; or (behavior_processes:”http” behavior_processes:”.pdf”))Expands detection by combining XFCE environment detection with behaviors involving Google Drive or other PDF-hosting URLs.Content-Based Detectioncontent:{45 78 65 63 3d 62 61 73 68 20 2d 63 20 22} content:{4e 61 6d 65 3d} content:{2e 70 64 66} content:{5b 44 65 73 6b 74 6f 70 20 45 6e 74 72 79 5d}Targets common strings in malicious .desktop files (Exec=bash -c “, Name=, .pdf, [Desktop Entry]) using hexadecimal patterns.Generic .Desktop File Huntingcontent:{5b4465736b746f7020456e7472795d}@0 p:1+Detects .desktop files acting as downloaders or loaders by targeting the [Desktop Entry] header, uncovering samples like those initiating cryptocurrency miners. Google Threat Intelligence has launched a new blog series aimed at empowering security professionals with advanced threat hunting techniques, kicking off with a deep dive into detecting malicious .desktop files on Linux systems. Below is a table summarizing the threat hunting strategies for detecting malicious .desktop files as outlined by Google Threat Intelligence, including the query details and their purposes. According to Google report shared via Google community, When executed, these malicious .desktop files often use the xdg-open command to launch a Google Drive-hosted PDF via the system’s default browser, typically Firefox in the XFCE environment used by Google’s sandbox. Google Threat Intelligence’s blog series equips defenders with practical, query-driven approaches to hunt malicious .desktop files. However, recent uploads to Google Threat Intelligence reveal a new wave of malicious .desktop files that deviate significantly from this norm. Google Threat Intelligence identified several .desktop files uploaded in 2025, potentially linked to the Zscaler-attributed campaign, though attribution remains unconfirmed.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 14 May 2025 09:15:12 +0000


Cyber News related to Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files

Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files - xfce_desktop_window” (behavior_processes:” ; or (behavior_processes:”http” behavior_processes:”.pdf”))Expands detection by combining XFCE environment detection with behaviors involving Google Drive or other ...
2 weeks ago Cybersecuritynews.com
Automating Threat Intelligence: Tools And Techniques For 2025 - Automated threat intelligence leverages artificial intelligence (AI), machine learning (ML), and orchestration platforms to collect, analyze, and act on vast amounts of threat data in real time. These platforms offer features like real-time threat ...
1 month ago Cybersecuritynews.com
Threat Intelligence Feeds Flood Analysts With Data, But Context Still Lacking - By combining external threat data with internal risk assessments, contextual threat intelligence helps organizations measure the risk level of alerts or vulnerabilities in relation to their business and technical assets, ensuring that the most ...
1 month ago Cybersecuritynews.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com Hunters
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
1 year ago Cybersecuritynews.com
Why Threat Intelligence is Crucial for Modern Cyber Defense - Threat intelligence transforms raw data into actionable insights by analyzing adversaries’ tactics, techniques, and procedures (TTPs), empowering security teams to shift from reactive firefighting to strategic defense. Proactive Threat Hunting: ...
1 month ago Cybersecuritynews.com
Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats - In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not be ignored. Threat intelligence involves the systematic collection, analysis, and application of data to understand potential ...
1 year ago Hackread.com
Automating Threat Intelligence Enrichment In Your SIEM With MISP - In conclusion, automating threat intelligence enrichment between MISP and your SIEM using Python is a transformative step for any security operations center. This article explores how to architect, implement, and operationalize automated threat ...
1 month ago Cybersecuritynews.com
The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com
The Role of Threat Intelligence in Proactive Defense - Threat intelligence has emerged as a crucial component in this proactive defense strategy, empowering leaders to make informed decisions, allocate resources effectively, and foster a culture of cyber resilience. By prioritizing threat intelligence ...
1 month ago Cybersecuritynews.com
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence - This article summarizes the malware families seen by Unit 42 and shared with the broader threat hunting community through our social channels. We also included a number of posts about the cybercrime group TA577 - who have distributed multiple malware ...
1 year ago Unit42.paloaltonetworks.com
How CISOs Can Leverage Threat Intelligence to Stay Proactive - By positioning threat intelligence as a tool for business continuity and competitive advantage, CISOs can foster a culture of security across the organization and ensure sustained executive support. By harnessing the full potential of threat ...
1 month ago Cybersecuritynews.com
eSentire Threat Intelligence reduces false positive alerts - eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire's protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents. ...
1 year ago Helpnetsecurity.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
1 month ago Cybersecuritynews.com
It's Time to Tear Down the Barriers Preventing Effective Threat Intelligence - Today, organizations are confronted with a deluge of cyber threats, ranging from sophisticated AI-powered ransomware to tried and true brute force attacks. At this point, IT security teams know it's essential to stay one step ahead of cybercriminals, ...
1 year ago Cyberdefensemagazine.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach - The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. Tigo is the largest mobile carrier in Paraguay, with its ...
1 year ago Bleepingcomputer.com LockBit
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
2 months ago Cybersecuritynews.com
Using Threat Intelligence To Combat Advanced Persistent Threats (APTs) - By incorporating threat intelligence feeds into security operations, organizations gain valuable insights into the tactics, techniques, and procedures (TTPs) used by known APT groups. Modern platforms integrate contextual intelligence feeds, helping ...
1 month ago Cybersecuritynews.com
Cybersixgill Announces Identity Intelligence Module for Threat Analysis - PRESS RELEASE. Tel Aviv, Israel - December 6, 2023 - Cybersixgill, the global cyber threat intelligence data provider, announced today new features and capabilities that take security teams' threat detection and mitigation efforts to new levels, ...
1 year ago Darkreading.com Hunters
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence - Criminal IP, a renowned Cyber Threat Intelligence search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking ...
1 year ago Hackread.com
Best MDR (Managed Detection & Response) Solutions - 2025 - Cybereason Managed Detection and Response solutions provide 24/7 threat monitoring, advanced endpoint protection, and rapid incident response. Cynet MDR solutions provide automated threat detection and response, ensuring comprehensive security ...
2 months ago Cybersecuritynews.com