
"The domains in question were used to host a variety of malicious content, including phishing pages and VBS scripts that serve as the initial stage of malware deployment."
"While Visual Basic Script (VBS) might seem outdated, it's still a go-to tool for initial access due to its compatibility with Windows systems and ability to run silently in the background."
Trustwave SpiderLabs has linked the threat actor Blind Eagle to the Russian bulletproof hosting service Proton66. Their report indicates that the group uses Visual Basic Script (VBS) files to initiate attacks, which lead to the installation of readily available remote access trojans (RATs). The research noted a pattern in domains related to Proton66, which primarily use dynamic DNS to complicate detection efforts. Despite its perceived obsolescence, VBS remains effective for attackers because it integrates easily with Windows and can operate stealthily, enabling initial access and malware deployment.
Read at The Hacker News