Tag: vbscript

7 Attack Reports | 0 Vulnerabilities

Attack reports

Cyber Espionage using PowerShell stealer WRECKSTEEL

Ukrainian government's CERT-UA has identified a series of cyberattacks against government agencies and critical infrastructure facilities in Ukraine during March 2025. The attacks, aimed at information theft, utilize compromised accounts to distribute emails with links to public file services. Thes…
powershell
ukraine
cyber espionage
government
vbscript
critical infrastructure
2025-04-03
file stealing
wrecksteel
Published: April 3, 2025
Downloadable IOCs: 71

GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine's Largest State-Owned Bank

UAC-0006, a financially motivated cyber threat group, has resurfaced with a sophisticated phishing campaign targeting customers of Ukraine’s largest state-owned bank, PrivatBank.
powershell
ukraine
javascript
black basta
vbscript
smokeloader
uac-0006
carbanak
anunak
defense evasion
sha256
2025-02-10
fin7
uac0006
privatbank
bank
model
demo
Published: February 10, 2025
Downloadable IOCs: 62

Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan

A sophisticated cyber espionage campaign dubbed Operation Cobalt Whisper has been uncovered, targeting various industries in Hong Kong and Pakistan. The threat actor focuses on the defense sector, engineering researchers, and key entities in these regions, using tailored lures related to electrotec…
cobalt strike
pakistan
cyber espionage
vbscript
lnk files
2024-10-24
engineering
hong kong
defense sector
Published: October 24, 2024
Downloadable IOCs: 0

Malware by the (Bit)Bucket: Uncovering AsyncRAT

A sophisticated attack campaign using Bitbucket as a legitimate platform to deliver AsyncRAT has been uncovered. The multi-stage approach involves a VBScript obfuscation layer, followed by a PowerShell payload delivery mechanism, and culminates in the execution of AsyncRAT. The attackers exploit Bi…
obfuscation
rat
powershell
asyncrat
vbscript
.net
2024-10-10
bitbucket
Published: October 10, 2024
Downloadable IOCs: 0

Exploring AsyncRAT and Infostealer Plugin Delivery Through…

This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Script File that downloads and executes various scripts, ultimately leading to the installation of AsyncRAT with an infostealer plugin. The malware targets multiple browsers…
phishing
powershell
infostealer
asyncrat
vbscript
2024-09-02
process hollowing
cryptocurrency wallets
browser data theft
Published: September 2, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8), CVE-2024-28986
Downloadable IOCs: 8

GrimResource - Microsoft Management Console for initial access and evasion

A novel, in-the-wild code execution technique leveraging Microsoft Management Console files (MSC) has been identified by Elastic Security researchers and was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal.
cobalt strike
execution
vbscript
jscript
2024-06-27
msc file
mmc console
grimresource
console
pastaloader
windows script
Published: June 27, 2024
Downloadable IOCs: 3

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services like Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a phishing email containing a …
phishing
powershell
cloud
2024-05-22
vbscript
cloud#reverser
Published: May 22, 2024
Downloadable IOCs: 16
Click here to see more Attack Reports