Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.
The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.