A custom PowerShell RAT uses to target German users using Ukraine crisis as bait
Security Affairs
MAY 16, 2022
Upon clicking on the bottom, a ZIP archive is downloaded on the victim’s computer. The compressed archive contains a CHM file consisting of several compiled HTML files. The malicious code builds a unique id for the victim and exfiltrates data as a JSON data structure sent to the C2 server via a POST request.
Let's personalize your content