{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/script-dropper/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Windows"],"_cs_severities":["high"],"_cs_tags":["script-dropper","file-creation","windows"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eThe WScript or CScript Dropper technique is a method employed by attackers to introduce malicious script files into a system. It leverages the built-in Windows scripting hosts, \u003ccode\u003ecscript.exe\u003c/code\u003e and \u003ccode\u003ewscript.exe\u003c/code\u003e, to write files with extensions commonly associated with scripting languages (e.g., \u003ccode\u003e.js\u003c/code\u003e, \u003ccode\u003e.vbs\u003c/code\u003e, \u003ccode\u003e.wsf\u003c/code\u003e). These scripts are often written to temporary or user-accessible directories, such as \u003ccode\u003e\\Temp\\\u003c/code\u003e, \u003ccode\u003e\\AppData\\\u003c/code\u003e, or \u003ccode\u003e\\Startup\\\u003c/code\u003e, where they can be executed later, either manually or…\u003c/p\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-cscript-wscript-dropper/","summary":"The WScript or CScript Dropper technique involves using cscript.exe or wscript.exe to write malicious script files (js, jse, vba, vbe, vbs, wsf, wsh) to suspicious locations on a Windows system for later execution.","title":"WScript or CScript Dropper","url":"https://feed.craftedsignal.io/briefs/2024-01-cscript-wscript-dropper/"}],"language":"en","title":"CraftedSignal Threat Feed — Script-Dropper","version":"https://jsonfeed.org/version/1.1"}