Unmasking the Infrastructure of a Spear‑phishing Campaign
Essential information
- Published
- 11/06/2025 09:40
- Modified
- 11/06/2025 10:15
- Tags
- 2025-06-11 asyncrat dcrat limerat opendir remcos spearphishing
- Related entities
- 54 observables, 5 techniques (mitre), 4 malware
Description
Censys researchers uncovered a spear‑phishing campaign where threat actors leveraged a cluster of 16 open directories hosting heavily obfuscated Visual Basic Script (VBS) files. The study analyzes how attackers set up these public-accessible directories to store malicious scripts, the obfuscation techniques employed, and the infrastructure's lifecycle.