Unmasking the Infrastructure of a Spear‑phishing Campaign

SUMMARY :

Censys researchers uncovered a spear‑phishing campaign where threat actors leveraged a cluster of 16 open directories hosting heavily obfuscated Visual Basic Script (VBS) files. The study analyzes how attackers set up these public-accessible directories to store malicious scripts, the obfuscation techniques employed, and the infrastructure's lifecycle.

OPENCTI LABELS :

dcrat,remcos,asyncrat,spearphishing,opendir,limerat


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Unmasking the Infrastructure of a Spear‑phishing Campaign