216.73.217.64

Phishing Campaign Targeting Companies via UpCrypter

· Published 26/08/2025 00:06 · Modified 26/08/2025 08:27

Export JSON

Essential information

Published
26/08/2025 00:06
Modified
26/08/2025 08:27
Tags
2025-08-26 anti-analysis anti-vm babylon rat dcrat global campaign obfuscation persistence phishing purehvnc remote access tools upcrypter
Related entities
29 observables, 17 techniques (mitre), 4 malware, 6 others

Description

A sophisticated campaign has been identified, utilizing carefully crafted emails to deliver malicious URLs linked to convincing pages. These pages entice recipients to download JavaScript files that act as droppers for , a malware that ultimately deploys various (RATs). The attack chain begins with obfuscated scripts redirecting victims to spoofed sites personalized with the target's email domain. The campaign uses different lures, including voicemail-themed and purchase order-themed emails. , the central loader framework, stages and deploys multiple RATs, including , , and . The malware employs and techniques, downloads additional payloads, and establishes . This campaign operates globally, affecting multiple industries, and demonstrates an adaptable threat delivery ecosystem capable of bypassing defenses and maintaining across different environments.

External references