Tag
high
advisory
Incoming DCOM Lateral Movement via MSHTA
2 rules 1 TTPDetection of Distributed Component Object Model (DCOM) abuse to execute commands from a remote host via the HTA Application COM Object, potentially indicating lateral movement.
Windows
lateral-movement
dcom
mshta
2r
1t
high
advisory
Suspicious Microsoft HTML Application Child Process
2 rules 1 TTPMshta.exe spawning a suspicious child process, such as cmd.exe or powershell.exe, indicates potential adversarial activity leveraging Mshta to execute malicious scripts and evade detection on Windows systems.
Windows +2
defense-evasion
mshta
process-creation
2r
1t