Tag: jscript

5 Attack Reports | 0 Vulnerabilities

Attack reports

A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

PeckBirdy is a sophisticated JScript-based C&C framework employed by China-aligned APT groups since 2023. It exploits LOLBins across multiple environments to deliver advanced backdoors, targeting gambling industries and Asian government entities. The framework's versatility allows it to be used in …
apt
government
jscript
gambling
darknimbus
lolbins
wizardnet
china-aligned
2026-01-26
biopass rat
c&c framework
CVE-2020-16040
grayrabbit
holodonut
mkdoor
peckbirdy
Published: January 26, 2026
Linked vulnerabilities : CVE-2020-16040
Downloadable IOCs: 21

CountLoader: New Malware Loader Being Served in 3 Different Versions

A new malware loader named CountLoader has been identified, strongly associated with Russian ransomware gangs. It comes in three versions: .NET, PowerShell, and JScript. The threat is believed to be part of an Initial Access Broker's toolset or used by a ransomware affiliate linked to LockBit, Blac…
phishing
ransomware
powershell
ukraine
lumma stealer
malware loader
.net
cobaltstrike
jscript
purehvnc
evasion techniques
initial access broker
adaptixc2
2025-09-19
countloader
Published: September 19, 2025
Downloadable IOCs: 27

JScript to PowerShell: Breaking Down a Loader Delivering XWorm and Rhadamanthys

This analysis examines a sophisticated malware loader that utilizes JScript to launch obfuscated PowerShell code, ultimately delivering payloads such as XWorm and Rhadamanthys. The loader employs geofencing tactics, targeting victims in the United States with XWorm RAT, while deploying Rhadamanthys…
xworm
rhadamanthys
jscript
2025-04-16
Published: April 16, 2025
Downloadable IOCs: 4

GrimResource - Microsoft Management Console for initial access and evasion

A novel, in-the-wild code execution technique leveraging Microsoft Management Console files (MSC) has been identified by Elastic Security researchers and was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal.
cobalt strike
execution
vbscript
jscript
2024-06-27
msc file
mmc console
grimresource
console
pastaloader
windows script
Published: June 27, 2024
Downloadable IOCs: 3

Malicious Campaign Analysis: JScript RAT and CobaltStrike

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…
obfuscation
rat
encryption
cobaltstrike
2024-06-07
jscript
jscript rat
Published: June 7, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports