Remcos_RAT_IOCs_06-02-2019

1. #Remcos #RAT #Trojan
2. ----------------------------
3. 06-02-2019 IOC's
4. ----------------------------
5. Main object- "reader.exe"
6. url http://bonallegro.5v.pl/reader.exe
7. sha256 406f05dcc17634183356d39123ed4a79cf52a120864232ef01b6c1b276fa708e
8. sha1 4b63b3e43d71fe5a87a75a49c90e67cbf73bbcd5
9. md5 1599a9125410c5064ba9d80acdd03d09
10. DNS requests
11. domain x40.spdns.eu
12. Connections
13. ip 159.65.193.252