Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign in which an unknown threat actor uses Gophish, an open-source phishing toolkit. The campaign uses modular infection chains that are either maldoc-based or HTML-based, and both require the victim's intervention to trigger the infection chain. Among the payloads, Talos discovered a previously undocumented PowerShell RAT we are calling PowerRAT, alongside the infamous remote access tool (RAT) DCRAT. We found a few placeholders for base64-encoded PowerShell scripts in PowerRAT, indicating that the threat actor is actively developing their tools.

Victimology 

Talos assesses with high confidence that the threat actor is targeting Russian-speaking users, based on the language used in the phishing emails, the lure content of the malicious documents, and a masqueraded HTML webpage imitating VKontakte (VK), a social media application popular among Russian speakers, especially in Russia, Ukraine, Belarus, Kazakhstan, Uzbekistan, and Azerbaijan.
