- THREAT IDENTIFICATION: REMCOS RAT
- SUBJECTS OBSERVED
  - Bank of America Payment/Remittance Advice
- SENDERS OBSERVED
  - noreply.alerts@edi.bofa.com
- MALDOC FILE HASHES
  - BoFA Remittance Advice-21721.doc
    - d9351f959e1b09a54714ce11437581bb
- INTERMEDIATE PAYLOAD URLS
  - http://192.227.158.111/jug.js
  - http://192.227.158.111/fud.jpg
- INTERMEDIATE PAYLOAD FILE HASHES
  - jug.js
    - 78f0668dbe848311be3b827e9e355d37
  - fud.jpg
    - e3315478336c1e8acd0fdfd8b056fa36
- REMCOS C2
  - twistednerd.dvrlists.com
  - https://213.152.187.215:41078
- SUPPORTING EVIDENCE
  - https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
  - https://urlhaus.abuse.ch/browse.php?search=http%3A%2F%2F192.227.158.111