PULSE NAME
New Campaign Uses Remcos RAT to Exploit Victims
WHITE eric.ford 2024-11-08 Modified: 2024-12-08
15 IOCs
MEDIUM VOLUME
A phishing campaign using Excel attachments is delivering a new variant of the Remcos RAT. The Excel attachment, which contains an embedded OLE object, exploits CVE-2017-0199, a remote code execution vulnerability affecting Microsoft Office and WordPad, to download an HTA file. The HTA file downloads an executable, which in turn downloads several files, one of which downloads Remcos RAT.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Remcos
Indicators of Compromise (6 / 15 total)