Malware-IOCs/2022-08-25 Remcos RAT IOCs at main · executemalware/Malware-IOCs
Common Information
Type Value
UUID 450d4cb8-e561-42ff-8706-9c1a4b9ecf64
Fingerprint 7aa900927c1e0566
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2023, midnight
Added to db Jan. 16, 2023, 3:56 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Name already in use
Title Malware-IOCs/2022-08-25 Remcos RAT IOCs at main · executemalware/Malware-IOCs
Detected Hints/Tags/Attributes 17/1/29
Attributes