Remcos RAT New TTPS – Detection & Response - Security Investigation
Common Information
Type Value
UUID f4b24921-e0fc-490c-8074-2a9c5f9a2f06
Fingerprint 5882037cedf24299
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 29, 2022, 3:18 p.m.
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Remcos RAT New TTPS – Detection & Response
Title Remcos RAT New TTPS – Detection & Response - Security Investigation
Detected Hints/Tags/Attributes 34/2/32
Attributes