New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs
Common Information
Type Value
UUID 1c5a8f5f-3c2e-4cdf-b924-685357dd6dc4
Fingerprint ac299996c12fbb6f
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 8, 2024, 2 p.m.
Added to db Nov. 8, 2024, 3:24 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline New Campaign Uses Remcos RAT to Exploit Victims
Title New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs
Detected Hints/Tags/Attributes 62/2/27
RSS Feed
Id | Feed title | Url | Added to db
117 | Fortinet All Blogs | https://feeds.feedburner.com/fortinet/blogs | 2024-08-30 22:08
122 | Fortinet Threat Research Blog | https://feeds.fortinet.com/fortinet/blog/threat-research | 2024-08-30 22:08
Attributes
Type | #Events | Value
CVE | 269 | cve-2017-0199
Domain | 1 | og1.in
Domain | 5 | ms.office
File | 456 | mshta.exe
File | 172 | dllhost.exe
File | 1 | %appdata%\dllhost.exe
File | 1208 | powershell.exe
File | 7 | vaccinerende.exe
File | 165 | reg.exe
File | 2125 | cmd.exe
File | 2 | hfxelfswrhrwqbe214.bin
File | 41 | code.exe
File | 1 | po-9987689987.xls
sha256 | 2 | 4a670e3d4b8481ced88c74458fec448a0fe40064ab2b1b00a289ab504015e944
sha256 | 2 | f99757c98007da241258ae12ec0fd5083f0475a993ca6309811263aad17d4661
sha256 | 1 | 9124d7696d2b94e7959933c3f7a8f68e61a5ce29cd5934a4d0379c2193b126be
sha256 | 1 | d4d98fdbe306d61986bed62340744554e0a288c5a804ed5c924f66885cbf3514
sha256 | 1 | f9b744d0223efe3c01c94d526881a95523c2f5e457f03774dd1d661944e60852
sha256 | 2 | 24a4ebf1de71f332f38de69baf2da3019a87d45129411ad4f7d3ea48f506119d
IPv4 | 3 | 192.3.220.22
IPv4 | 1 | 107.173.4.16
Url | 1 | https://og1.in/2rxzb3.
Url | 2 | http://192.3.220.22/xampp/en/cookienetbookinetcahce.hta
Url | 2 | http://192.3.220.22/430/dllhost.exe
Url | 2 | http://192.3.220.22/hfxelfswrhrwqbe214.bin
Url | 1 | https://og1.in/2rxzb3
Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run