New I2PRAT communicates via anonymous peer-to-peer network
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A novel malware strain, I2PRAT, has been discovered utilizing the I2P network for command and control communication. The infection begins with a phishing email leading to a fake CAPTCHA page, which tricks users into executing a malicious PowerShell script. The malware employs UAC bypass, Microsoft Defender evasion techniques, and WFP filters to render the victim's machine vulnerable. The RAT's modular structure includes various plugins for different functionalities, such as downloading files, enabling RDP, managing user accounts, and creating scheduled tasks. The malware has been active since at least March 2024 and may be distributed through PrivateLoader.
OPENCTI LABELS :
phishing,privateloader,uac bypass,i2p,i2prat
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
New I2PRAT communicates via anonymous peer-to-peer network