COPPER FIELDSTONE
SUMMARY
COPPER FIELDSTONE is a threat group operating out of Pakistan that primarily targets Indian diplomatic and military personnel. The group has developed and deployed the custom RATs Peppy, Crimson RAT, and CapraRAT (Android), and also uses commodity and open source tools including ObliqueRAT, njRAT, Gamarue (also known as Andromeda), LuminosityLink and DarkComet.
In 2020 and 2021, COPPER FIELDSTONE operated a spearphishing campaign that used Indian government-themed lures in malicious documents to deliver Crimson RAT or ObliqueRAT. The group also used CapraRAT in this campaign; CapraRAT is Android malware that appears to be based on the open source AndroRAT malware. A second campaign, identified in February 2020, used phishing emails carrying a weaponized Excel file to deliver SilentCMD, which was used to execute commands from the C2 server and download a Crimson RAT payload. In late 2016, COPPER FIELDSTONE launched a campaign involving custom-developed malicious Android and BlackBerry apps with remote surveillance and data theft capabilities.