- THREAT IDENTIFICATION: REMCOS
- SUBJECTS OBSERVED
  - EFT Remittance Advice
- SENDERS OBSERVED
- MALDOC FILE HASHES
  - EFT Remittance.xls
  - e9dbdcfb6439bd0d888e907a71509937
- JAVASCRIPT LOADER URL
  - http://greenpayindia.com/king/file/ach/login/Protected%20Client.js
- JAVASCRIPT LOADER FILE HASH
  - Protected Client.js
  - 53c6ba86eedbf52338675e5d806f7cfd
  - Copied to: C:\users\analyst\AppData\Roaming and renamed to notepad.js
- PAYLOAD URL
  - http://greenpayindia.com/king/file/ach/login/Attack.jpg
- PAYLOAD FILE HASH
  - Attack.jpg
  - b0df36da77c4171eafae7ab7fbc9f64a
- REMCOS C2
  - https://isrealpicker.duckdns.org:672
- SUPPORTING EVIDENCE
  - https://urlhaus.abuse.ch/url/1016852/
  - https://urlhaus.abuse.ch/url/1016853/
  - https://app.any.run/tasks/0ab15224-b7c3-453a-8d13-a387e7356057/