Product

Windows Script Host

3 briefs RSS

Zoom-themed Phishing Campaign Delivering ConnectWise ScreenConnect

A phishing campaign impersonates Zoom to trick users into downloading and installing ConnectWise ScreenConnect, a legitimate remote monitoring and management tool, allowing attackers to gain persistent remote access, harvest credentials, and deploy secondary malware such as ransomware.

Zoom +2 phishing remote_access social_engineering screenconnect

2r 5t 4i May 18, 2026

high advisory

Command and Scripting Interpreter via Windows Scripts

2 rules 1 TTP

This rule detects the execution of PowerShell, PowerShell ISE, or Cmd spawned from Windows Script Host or MSHTA, indicating potential abuse of scripting interpreters to execute malicious commands or scripts on Windows systems.

Microsoft Defender XDR +8 execution scripting windows

2r 1t Nov 14, 2024

medium advisory

Remote File Download via Script Interpreter

2 rules 3 TTPs

Attackers are using Windows script interpreters (cscript.exe or wscript.exe) to download executable files from remote locations to deliver second-stage payloads or download tools.

Windows Script Host command-and-control execution windows script_interpreter

2r 3t Jan 28, 2024