“The threat group’s motivations are currently unknown, but we suspect that the group is financially motivated based on the seemingly industry-agnostic leading to ransomware activity.”
Researchers said the DLL sample did not execute the VBScript when run by itself. However, when run with Mshta.exe – a Windows-native utility designed to execute Microsoft HTML Application (HTA) files – the utility would locate and execute the VBScript without any issues. This…
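A defender-side check for the behaviour described above, added here as an example and not taken from the researchers' report: it flags process-creation records in which Mshta.exe is handed a file that is not an .hta, such as a DLL. The events are constructed; the field names `Image` and `CommandLine` follow Sysmon Event ID 1, and all paths and function names are assumptions.

```python
import ntpath
import shlex

# Constructed process-creation records (not from the report).
# Field names follow Sysmon Event ID 1: Image, CommandLine.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Users\a\AppData\Local\Temp\sample.dll"'},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "CommandLine": r"C:\Windows\SysWOW64\mshta.exe C:\Tools\inventory.hta"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"Image": r"C:\Windows\System32\MSHTA.EXE",
     "CommandLine": r"MSHTA.EXE C:\ProgramData\update.DLL"},
]


def mshta_non_hta_targets(event):
    """Return arguments given to mshta.exe whose extension is not .hta.

    Only the file extension is examined; an empty list means the event is
    either not an mshta.exe launch or names only .hta files.
    """
    # Match on the executable name, case-insensitively, whatever its directory.
    if ntpath.basename(event["Image"]).lower() != "mshta.exe":
        return []
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    tokens = shlex.split(event["CommandLine"], posix=False)
    args = [t.strip('"') for t in tokens][1:]  # drop the program name itself
    hits = []
    for arg in args:
        ext = ntpath.splitext(arg)[1].lower()
        if ext and ext != ".hta":
            hits.append(arg)
    return hits


def scan(events):
    """Return (index, targets) for every event worth an analyst's attention."""
    findings = []
    for i, event in enumerate(events):
        targets = mshta_non_hta_targets(event)
        if targets:
            findings.append((i, targets))
    return findings


if __name__ == "__main__":
    for index, targets in scan(SAMPLE_EVENTS):
        print(f"event {index}: mshta.exe launched with non-HTA file(s): {targets}")
```
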