Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

A new phishing campaign targeting Russian-speaking users employs the open-source Gophish framework to deliver DarkCrystal RAT (DCRat) and a novel remote access trojan called PowerRAT. The attack uses modular infection chains that start from either malicious Microsoft Word documents or HTML files with embedded JavaScript. The attackers use Gophish to send the phishing emails and deploy the malware. The infection process involves multiple stages, including Visual Basic macros, HTML applications, and PowerShell scripts. Both PowerRAT and DCRat have capabilities for system reconnaissance, data exfiltration, and remote control. The attackers use various techniques to evade detection, such as HTML smuggling and nested self-extracting archives.

OPENCTI LABELS :

phishing,dcrat,remote access trojan,html smuggling,darkcrystal rat,russian-speaking,powerrat,gophish

