Hyphisher is a phishing kit that focuses on targeting
Hypixel & LunarClient users using various lures such
as free ranks, cosmetics or modifications.
It works by socially engineering victims into thinking they have been gifted an item from the attacker/compromised account, it then asks the victim to enter their username and email, upon doing this the backend will send the victim an email asking to verify the gift by entering their authentication code into the website.
This specific kit dubbed Hyphisher is developed by a threat
actor named GuteNacht and has since been modified and forked
by other threat actors within the threat landscape.
title: Hyphisher Phishing Kit e393965e
description: |
`Hyphisher` is a phishing kit that focuses on targeting
Hypixel & LunarClient users using various lures such
as free ranks, cosmetics or modifications.
It works by socially engineering victims into thinking they
have been gifted an item from the attacker/compromised account,
it then asks the victim to enter their username and email, upon
doing this the backend will send the victim an email asking to
verify the gift by entering their authentication code into the
website.
This specific kit dubbed `Hyphisher` is developed by a threat
actor named `GuteNacht` and has since been modified and forked
by other threat actors within the threat landscape.
references:
- https://urlscan.io/result/e393965e-1285-489d-b9db-a57aa1cca8cc
- https://urlscan.io/result/87946bb2-475d-4a89-ab1f-b1bd124736e5
detection:
siteElementScript:
requests|contains: 'site.js'
jsCodeSnippets:
js|contains|all:
- 'sendCode'
- 'sendEmail'
condition: siteElementScript and jsCodeSnippets
tags:
- kit
- target.hypixel
- target.lunar_client
- threat_actor.gutenacht