PULSE NAME
New Campaign Uses Remcos RAT to Exploit Victims
WHITE eric.ford 2024-11-08 Modified: 2024-12-08
15 IOCs, MEDIUM VOLUME
A phishing campaign using Excel attachments is delivering a new variant of the Remcos RAT. The attachment contains an embedded OLE object that exploits CVE-2017-0199, a remote code execution vulnerability affecting Microsoft Office and WordPad, to download an HTA file. The HTA file downloads an executable, which in turn downloads several files, one of which downloads Remcos RAT.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Remcos
Indicators of Compromise (8 / 15 total)