Internet Explorer may be dead, but its ghost still runs malware
Summary
Attackers are still exploiting Microsoft's mshta.exe utility, a component historically linked to Internet Explorer, to deliver modern malware. This 'living off the land' technique leverages a pre-installed Windows binary to execute malicious scripts and payloads, despite Internet Explorer's retirement.
IFF Assessment
The continued abuse of a legacy Windows utility for malware delivery poses an ongoing threat to defenders by providing attackers with a stealthy method to execute malicious code.
Defender Context
Defenders should be aware that older, seemingly deprecated Windows components can still be weaponized. Monitoring for the execution of mshta.exe, especially when originating from unusual or user-initiated processes, and scrutinizing fileless malware delivery chains are crucial mitigation strategies.