
Traffic to a destination serving malicious JavaScript

ID: malicious_js
Data type: DNS, HTTP
Severity: Medium
MITRE ATT&CK: TA0001:T1189

Description

AlphaSOC detected network traffic to a destination known for serving malicious JavaScript. This indicates that a system or a user within the network has requested content, such as a web page or script, from a known malicious source. Malicious JavaScript can be used to exploit browser vulnerabilities, redirect users to malicious sites, or download and execute additional malware.

Impact

Malicious JavaScript can have significant consequences and lead to unauthorized access, data theft, and further compromise of the affected system. It can allow adversaries to execute arbitrary code, steal sensitive information, or establish persistence on the infected machine. This can serve as an entry point for more serious attacks, potentially leading to a full-scale breach of the organization's network.

Severity

Severity: Medium
Condition: Traffic to a destination serving malicious JavaScript

Investigation and Remediation

Investigate the affected system for signs of compromise, including unexpected processes, files, or network connections. Analyze browser history and cached files to identify the source of the malicious JavaScript. Isolate the affected system and perform a thorough malware scan. If compromise is confirmed, consider reimaging the system and resetting associated user credentials.
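
The source-identification step can also be worked from HTTP proxy telemetry. The following is an added example, not AlphaSOC code: it walks Referer hosts back from the flagged destination to the site the user actually visited, and lists what the client pulled from the flagged host. The log layout, host names and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy log sample: time, client, URL, Referer, content type.
# The field layout and every host below are assumptions for this example.
SAMPLE_LOG = """\
2024-05-01T09:14:02Z 10.0.0.23 https://news.example.org/article - text/html
2024-05-01T09:14:03Z 10.0.0.23 https://ads.example.net/frame.html https://news.example.org/ text/html
2024-05-01T09:14:04Z 10.0.0.23 https://cdn.flagged.example/loader.js https://ads.example.net/ application/javascript
2024-05-01T09:14:06Z 10.0.0.23 https://cdn.flagged.example/update.bin https://cdn.flagged.example/loader.js application/octet-stream
2024-05-01T09:15:00Z 10.0.0.40 https://intranet.example.org/ - text/html
"""

def parse(log):
    """Turn whitespace-separated log lines into event dicts."""
    fields = ("time", "client", "url", "referer", "ctype")
    events = [dict(zip(fields, l.split())) for l in log.splitlines() if l.strip()]
    for e in events:
        e["host"] = urlsplit(e["url"]).hostname
        e["ref_host"] = urlsplit(e["referer"]).hostname  # None when Referer is "-"
    return events

def referrer_chain(events, client, flagged_host):
    """Walk Referer hosts back from the client's first request to flagged_host."""
    # Hosts are compared, not full URLs, because browsers commonly trim
    # cross-origin Referer values down to the origin.
    mine = [e for e in events if e["client"] == client]
    hit = next((e for e in mine if e["host"] == flagged_host), None)
    chain = []
    while hit and hit["host"] not in chain:  # the check also stops self-referrals
        chain.append(hit["host"])
        ref, before = hit["ref_host"], hit["time"]
        # Earliest request by this client to the referring host, not later than the hit.
        hit = next((e for e in mine if ref and e["host"] == ref and e["time"] <= before), None)
    return chain[::-1]  # entry point first, flagged host last

def fetched_from(events, client, flagged_host):
    """Everything the client pulled from the flagged host, with content type."""
    return [(e["url"], e["ctype"]) for e in events
            if e["client"] == client and e["host"] == flagged_host]

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(" -> ".join(referrer_chain(ev, "10.0.0.23", "cdn.flagged.example")))
    for url, ctype in fetched_from(ev, "10.0.0.23", "cdn.flagged.example"):
        print(ctype, url)
```

A non-script content type in the second list, such as the binary download in the sample, marks a file to look for on disk during the host investigation.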