A new phishing campaign discovered by Cisco Talos utilizes the open-source Gophish toolkit to distribute malware. This campaign leverages modular infection chains, either Maldoc or HTML-based, that require user interaction to activate. This attack delivers a previously undocumented PowerShell RAT, dubbed PowerRAT, along with the infamous Remote Access Tool (RAT) DCRAT. This indicates the threat actors are actively developing their tools and targeting Russian-speaking users. The attack uses malicious Microsoft Word documents and HTML files containing malicious JavaScript as initial infection vectors. These vectors lead to the download and activation of either PowerRAT or DCRAT based on the initial vector, with the attacker-controlled hosting domains disk-yanbex[.]ru and e-connection[.]ru delivering the payloads. The campaign is highly concerning due to its use of a readily available toolkit and the potential for further development and refinement of the PowerRAT malware. It highlights the importance of maintaining strong cybersecurity practices to protect against phishing attacks and the need for vigilance against emerging threats.