Tag
high
advisory
Script Execution via Microsoft HTML Application
3 rules 1 TTPDetects the execution of scripts via HTML applications using Windows utilities rundll32.exe or mshta.exe to bypass defenses by proxying execution of malicious content with signed binaries.
Windows +8
defense-evasion
script-execution
3r
1t
high
advisory
Suspicious Script Interpreter Execution from Environment Variable Folders
2 rules 1 TTPMalware may execute scripts from suspicious directories accessible via environment variables using script interpreters like cscript, wscript, mshta, and powershell to evade detection.
Windows
execution
script-execution
malware
2r
1t