ModeloRAT Campaign Moves from Teams to Domain Theft
Source: Socprime
Published:
<p>Rapid7 analyzed an intrusion that started with a malicious Microsoft Teams message masquerading as IT support. The attacker used a Dropbox-hosted Python payload to deploy ModeloRAT, escalate privileges through CVE-2023-36036 , and steal domain credentials by presenting a fake lock screen to the v