2021-03-24 Remcos IOCs

1. THREAT IDENTIFICATION: REMCOS RAT
2.  
3. SUBJECTS OBSERVED
4. ACH Remittance Advice-0032421
5.  
6. SENDERS OBSERVED
7. [email protected]
8.  
9. MALDOC FILE HASHES
10. Remittance Advice.xls
11. 19eeb9f08b76b43bc18ebd0ace1881cd
12.  
13. PAYLOAD URL
14. http://vendorcreditglobal.online/file/hut.js
15. http://vendorcreditglobal.online/find/mac.jpg
16.  
17. PAYLOAD FILE HASHES
18. Same file hash as hut.js
19. rud.js
20. a47b7104414e13a0a5f77692da5009dd
21.  
22. mac.jpg
23. 90521b33d7e36758b945a49ddaf6a041
24.  
25. InstallUtil.exe
26. bb85aa6d90a4157ed799257072b265ff
27.  
28. REMCOS C2
29. daemontime.myq-see.com
30. https:194.5.98.147:1698