mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-08 19:31:39 +00:00
291 lines
20 KiB
Markdown
# Remcos - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Remcos](https://vuldb.com/?actor.remcos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.remcos](https://vuldb.com/?actor.remcos)

## Campaigns

The following _campaigns_ are known and can be associated with Remcos:

* Ukraine

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Remcos:

* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 12 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Remcos.

There are 376 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Remcos_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Remcos. This data is unique as it uses our predictive model for actor profiling.

There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!