As SANS ISC shares, the '.jnlp' extension is a valuable new addition to corporate and personal email filtering. JNLP is a specialized, very rare file type that should not appear in normal email traffic.
When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that had suspicious attachments based on the ‘.jnlp’ extension. I’m pretty sure that many people don’t know what their purpose is and, if you don’t know them, you don’t have a look at them in your logs … That makes them a good candidate to deliver malicious code! … Basically, a JNLP file is… an XML file! It is created in the “Java Network Launching Protocol”. It contains all the required information to execute a Java program. Usually, it contains the address where to download the malicious applet and the initial class to run.
Author Of this post: harrywaldron
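The filtering idea above, as an added example that is not code from SANS ISC or from this post's author: it flags attachments by the '.jnlp' extension or the `application/x-java-jnlp-file` MIME type, then reads the descriptor's codebase, JAR references and main class for triage. The sample message, hostname, file names and class name are constructed.

```python
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

JNLP_MIME = "application/x-java-jnlp-file"

# Constructed sample descriptor (not a real campaign artifact).
SAMPLE_JNLP = b"""<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://example.invalid/app" href="invoice.jnlp">
  <security><all-permissions/></security>
  <resources><jar href="viewer.jar" main="true"/></resources>
  <application-desc main-class="com.example.Main"/>
</jnlp>"""

def build_sample_message():
    """Constructed e-mail carrying the descriptor under a generic MIME type."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(SAMPLE_JNLP, maintype="application",
                       subtype="octet-stream", filename="Invoice.JNLP")
    return msg.as_bytes()

def find_jnlp_attachments(raw_message):
    """Return one triage record per attachment that looks like a JNLP file."""
    findings = []
    for part in message_from_bytes(raw_message, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name, ctype = part.get_filename() or "", part.get_content_type()
        # Match on extension OR MIME type: senders often use a generic type.
        if not (name.lower().endswith(".jnlp") or ctype == JNLP_MIME):
            continue
        rec = {"filename": name, "content_type": ctype, "parsed": False}
        try:
            # Untrusted XML: a production filter should use a hardened parser.
            root = ET.fromstring(part.get_payload(decode=True))
        except ET.ParseError:
            findings.append(rec)  # still flagged; the file type alone is rare
            continue
        desc = root.find("application-desc")
        if desc is None:
            desc = root.find("applet-desc")
        rec.update(parsed=True, codebase=root.get("codebase"),
                   jars=[j.get("href") for j in root.iter("jar")],
                   main_class=desc.get("main-class") if desc is not None else None,
                   all_permissions=root.find("security/all-permissions") is not None)
        findings.append(rec)
    return findings
```

The extracted codebase and JAR names are the values to pivot on in proxy and DNS logs when a flagged message has already been delivered.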