A DNS analysis of infrastructure behind ongoing MSHTA abuse uncovered malicious registrations, typosquatting clusters, victim activity, and hundreds of linked indicators, revealing how legacy Windows tooling continues enabling modern malware campaigns through interconnected DNS intelligence.