2020-11-24 Remcos IOCs

1. THREAT ATTRIBUTION: REMCOS RAT
2.  
3. SUBJECTS OBSERVED
4. Citbank Payment Advice Notice For Vendor-- <Company Name>
5. Wells Fargo Payment Advice Notification -<Company Name> WF11232020
6.  
7. SENDERS OBSERVED
8. [email protected]
9. [email protected]
10.  
11. MALDOC FILE HASHES
12. Payment-Advice.xls
13. d0eec012f6b2d39a4d3b0091588d4d23
14.  
15. Remit_Advice.xls
16. 75ecb80a0cfeb25ac23b4fe0c611ca7a
17.  
18. ach.vbs
19. 7eb75ac29bcdb9b04ffd7be21be218c0
20.  
21. PAYLOAD FILE HASHES
22. fila.jpg
23. 5aef2c7a517e06b2ff42c55b2546a44e
24.  
25. MALDOC DOWNLOAD URLS
26. http://creditcollectionglobal.co/holder/word.vbs
27. http://creditcollectionglobal.co/holder/ach.vbs
28.  
29. PAYLOAD URL
30. http://creditcollectionglobal.co/mint/fila.jpg
31.  
32. REMCOS C2
33. daemontime.myq-see.com
34. 79.134.225.120:12489
35.  
36. SUPPORTING EVIDENCE
37. https://app.any.run/tasks/c6b92e79-f5dd-40b9-a294-01b14f06d9b3/