Malware-IOCs/2022-08-26 Remcos IOCs at main · executemalware/Malware-IOCs
Common Information
Type Value
UUID 899fbb06-e954-470c-8d1a-6d99f1f1afb0
Fingerprint 7ba900323c0e2062
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2023, midnight
Added to db Jan. 16, 2023, 3:56 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Name already in use
Title Malware-IOCs/2022-08-26 Remcos IOCs at main · executemalware/Malware-IOCs
Detected Hints/Tags/Attributes 16/1/25
Attributes
Details Type #Events CTI Value
Details Domain 2
messages-jpmchase.com
Details Domain 3
kopadd.yunethosting.rs
Details Domain 339
system.net
Details Domain 707
google.com
Details Domain 3
mandingo.dvrlists.com
Details Email 2
remit_advice@messages-jpmchase.com
Details File 2
note.xls
Details File 2
gzngx.js
Details File 3
gith.vbs
Details File 2
fif.txt
Details File 2
fiddy.jpg
Details File 5
remcos.dll
Details File 11
remcos.exe
Details IPv4 3
209.127.20.13
Details Url 3
https://kopadd.yunethosting.rs/sync/gith.vbs
Details Url 2
http://209.127.20.13/fif.txt
Details Url 2
http://209.127.20.13/fiddy.jpg