When the user clicked the LNK file, it triggered a series of commands (often using PowerShell or legitimate Windows tools like mshta.exe ) to download and execute the TinyNode or TinyPosh backdoor.
If it has already been opened, disconnect the computer from the network immediately to prevent the spread of the infection. File: heavennhell_en.zip ...
This file was used as a malicious attachment in a observed around August 2022 . The attack specifically targeted Russian organizations (such as banks and manufacturing plants) by impersonating a prominent legal firm or industrial company. Technical Details of the Attack When the user clicked the LNK file, it
Victims received an email about a purported legal "claim" or "arbitration matter." The email contained a link to a file-sharing service (like Dropbox or OneDrive) to download the ZIP file. File: heavennhell_en.zip ...