Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
A Node.js tool for configuring the icons and detailed information of Windows exe files generated by PKG. This project is a fork of AngaBlue/exe version 2.0, with updates and improvements.
Download and install the latest MsRdpEx MSI package from GitHub releases. After installation, the launcher executables and API hooking DLL can be found in "%ProgramFiles ...