New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs
TLP: WHITE | Author: CyberHunter_NL | Created: 2024-11-11 | Modified: 2024-12-11
A new variant of the Remcos RAT is being delivered to victims by exploiting a vulnerability in Microsoft Office and WordPad, according to Fortinet's FortiGuard Labs security research team and its partner, CISO Collective.
MITRE ATT&CK & Malware Families
Malware families: Remcos
Indicators of Compromise (28)
TYPE INDICATOR CREATED
CVE CVE-2017-0199 2024-11-11