In Bad Company: JScript RAT and CobaltStrike – Cyber Security News Aggregator

Summary: This content provides an overview of a JScript RAT attack chain, which is often distributed through phishing campaigns.

Threat Actor: JScript RAT | JScript RAT
Victim: N/A

Key Point :

The JScript RAT attack chain starts with a phishing campaign, where the victim is tricked into executing an initial loader script.
The loader script contacts a command and control (C&C) server, which responds with a new malicious script.
The second stage loader script communicates with the C&C server to retrieve the JScript RAT component.
The JScript RAT component can run indefinitely and execute commands received from the C&C server.

The attack pattern is illustrated below. Over the past years, it has been noted that JScript based RATs have often been distributed via phishing campaigns. We suspect that this attack uses the same technique. Once the initial loader script is executed, it contacts a command and control (C&C) server, which responds with a new malicious script. This is the second stage loader and is executed on the fly. The second stage loader communicates with the C&C server to get the RAT component, once again scripted with JScript. The RAT component has the capability to continue running until directed to stop, and execute additional commands received from the C&C server.

Attack overview

Source: https://www.gdatasoftware.com/blog/2024/06/37955-jscript-rat-and-cobaltstrike

“An interesting youtube video that may be related to the article above”

Tags: PHISHING