- THREAT ATTRIBUTION: REMCOS RAT
- SUBJECTS OBSERVED
  - PAYMENT REMITTANCE ADVICE
- SENDERS OBSERVED
  - hg7790@daum.net
- MALDOC FILE HASHES
  - ACH Remittance.xls
    - 3d60d0c1b933856982737fc3b079ff00
- INTERMEDIATE PAYLOAD URLS
  - http://dreamwatchevent.com/wpadmins/Protected Client.js
  - http://dreamwatchevent.com/wpadmins/Attack.jpg
- INTERMEDIATE PAYLOAD FILE HASHES
  - notapad.js
    - 6f7fd86b0cd0c3886e56f953d578845b
  - Attack.jpg
    - 2b0ee894d5f1092a38cd7be030f8fb12
- REMCOS C2
  - freightmgmt.duckdns.org:691
  - https://194.5.98.207:691
- SUPPORTING EVIDENCE
  - https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
  - https://app.any.run/tasks/9ef7784e-42c9-4281-b223-7efa49178baf/