Tag

Initial_access

2 briefs RSS

Malware Spreading Through Fake 'Claude Code' Google Ads

Malware is distributed via malicious advertisements on Google impersonating 'Claude Code', targeting both Windows and macOS operating systems with the goal of infecting users.

malware google_ads initial_access windows macos

2r 1t Mar 15, 2026

medium advisory

Windows Script Interpreter Executing Process via WMI

2 rules 4 TTPs

The rule identifies the use of Windows script interpreters (cscript.exe or wscript.exe) executing a process via Windows Management Instrumentation (WMI), which may indicate malicious activity, especially when initiated by non-system accounts.

Sysmon windows wmi script_execution initial_access execution

2r 4t Jan 3, 2024