← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Scripts Delivered via Fake Gitcode and Docusign Pages
WHITE Superpro 2025-06-05 Modified: 2025-07-05
69
IOCs
HIGH VOLUME
A new cyber campaign is using fake websites impersonating Gitcode and DocuSign to trick users into running malicious PowerShell scripts, ultimately infecting systems with NetSupport RAT malware. Researchers found that these deceptive sites prompt victims to copy and execute PowerShell commands, which then download additional scripts from external servers.
ioc domainmalware hashioc ipmalwareioc type
Indicators of Compromise (2 / 69 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 8e7e3bbcf8d51243462dca4d03af1f0ceabb54e6 SHA1 of 80b274871e5024dfa9e513219fe3df82cc8fe4255010bd5d04d23d5833962c10 2025-06-05
FileHash-SHA1 8f0b8261a1eff925a39ca117099bc8b0317c941b SHA1 of f9a241a768397efb4b43924fbd32186fcb1c88716fff3085d3ddcdd322d3404f 2025-06-05
References (1)
↗ https://dti.domaintools.com/how-threat-actors-exploit-human-trust/