← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Scripts Delivered via Fake Gitcode and Docusign Pages
WHITE Superpro 2025-06-05 Modified: 2025-07-05
69
IOCs
HIGH VOLUME
A new cyber campaign is using fake websites impersonating Gitcode and DocuSign to trick users into running malicious PowerShell scripts, ultimately infecting systems with NetSupport RAT malware. Researchers found that these deceptive sites prompt victims to copy and execute PowerShell commands, which then download additional scripts from external servers.
ioc domainmalware hashioc ipmalwareioc type
Indicators of Compromise (2 / 69 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 96f78187e8fc777efc3740740db4fba5 MD5 of 80b274871e5024dfa9e513219fe3df82cc8fe4255010bd5d04d23d5833962c10 2025-06-05
FileHash-MD5 9dabf38bd7d2b88ef196ad531202d045 MD5 of f9a241a768397efb4b43924fbd32186fcb1c88716fff3085d3ddcdd322d3404f 2025-06-05
References (1)
↗ https://dti.domaintools.com/how-threat-actors-exploit-human-trust/