216.73.216.86

Unmasking the Infrastructure of a Spear‑phishing Campaign

· Published 11/06/2025 09:40 · Modified 11/06/2025 10:15

Export JSON

Essential information

Published
11/06/2025 09:40
Modified
11/06/2025 10:15
Tags
2025-06-11 asyncrat dcrat limerat opendir remcos spearphishing
Related entities
54 observables, 5 techniques (mitre), 4 malware

Description

Censys researchers uncovered a spear‑phishing campaign where threat actors leveraged a cluster of 16 open directories hosting heavily obfuscated Visual Basic Script (VBS) files. The study analyzes how attackers set up these public-accessible directories to store malicious scripts, the obfuscation techniques employed, and the infrastructure's lifecycle.

External references