RemcosRAT
Description
Remcos is a closed-source tool that is marketed as a remote control and surveillance software by a company called Breaking Security. Remcos has been observed being used in malware campaigns.
Names
| Name |
|---|
| RemcosRAT |
| Remcos |
| Remvio |
| Socmer |
Category
Tools
Type
- Backdoor
- Info stealer
- Exfiltration
Information
- https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/
- https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/
- https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
- http://malware-traffic-analysis.net/2017/12/22/index.html
- https://blog.fortinet.com/2017/02/14/remcos-a-new-rat-in-the-wild-2
- https://krabsonsecurity.com/2018/03/02/analysing-remcos-rats-executable/
- https://myonlinesecurity.co.uk/fake-order-spoofed-from-finchers-ltd-sankyo-rubber-delivers-remcos-rat-via-ace-attachments/
- https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
- https://secrary.com/ReversingMalware/RemcosRAT/
- https://blog.malwarebytes.com/threat-analysis/2021/07/remcos-rat-delivered-via-visual-basic/
- https://blog.morphisec.com/remcos-trojan-analyzing-attack-chain
- https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing
- https://therecord.media/remcos-spyware-ukraine-government-agencies-uac0050/
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/peeling-back-the-layers-of-remcosrat-malware/
- https://therecord.media/remcos-phishing-ukraine-government-agencies
- https://asec.ahnlab.com/en/58195/
- https://asec.ahnlab.com/en/60270/
- https://asec.ahnlab.com/en/65111/
- https://blog.sonicwall.com/en-us/2024/05/remcos-is-pairing-with-privateloader-to-extend-its-capabilities/
- https://asec.ahnlab.com/en/66463/
- https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-stealthy-stalker-remcos-rat/
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
2463414b-7294-4e18-9b34-276292047462
Last Card Change
2024-12-27