{ "type": "MD5", "indicator": "19ceee89b018cd4f112afbf80098d16a", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "19ceee89b018cd4f112afbf80098d16a", "validation": [], "base_indicator": { "id": 4072891443, "indicator": "986475246725b3912766ed2e8494090e410870cfce30758d8d793bdbaa7f7825", "type": "FileHash-SHA256", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "686a82342e73040112ca38cb", "name": "ACTIVIDAD MALICIOSA | Relacionada con Remcos Rat 06-07-2025", "description": "Remcos RAT, conocido tambi\u00e9n como Remote Control System, es un programa malicioso dise\u00f1ado para permitir a los atacantes tomar control remoto de un sistema sin el conocimiento del usuario. En t\u00e9rminos simples, es como si permitiera a alguien manipular tu computadora desde lejos. Este software malicioso suele ser distribuido de manera enga\u00f1osa, a menudo disfrazado de archivos aparentemente inofensivos o programas leg\u00edtimos. Una vez que infecta un sistema, permite a los ciberdelincuentes realizar una variedad de acciones, como el robo de informaci\u00f3n, la manipulaci\u00f3n de archivos y la ejecuci\u00f3n de comandos a distancia. Este tipo de herramienta es particularmente preocupante, ya que puede ser utilizada para actividades maliciosas y espionaje, comprometiendo la privacidad y la seguridad de los usuarios.", "modified": "2025-07-06T14:03:32.160000", "created": "2025-07-06T14:03:32.160000", "tags": [ "command", "control", "ta0001", "ta0011", "ta0040", "ta0007", "ta0006", "ta0009", "t1074", "access trojan" ], "references": [ "https://www.virustotal.com/graph/embed/ga6a121deaab14cbba570c6a42d2068b64fc37efc689649718d1a373a40868225?theme=light", "https://darfe.es/ciberwiki/index.php?title=Remcos_(RAT)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Remcos - S0332", "display_name": "Remcos - S0332", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 344, "FileHash-SHA1": 344, "FileHash-SHA256": 344 }, "indicator_count": 1032, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "328 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "683f37a29cd5147b747631c6", "name": "ACTIVIDAD MALICIOSA | Relacionada con archivos maliciosos no catalogados 03-06-2025", "description": "Relacionada con archivos maliciosos no catalogados 03-06-2025", "modified": "2025-06-03T17:57:52.402000", "created": "2025-06-03T17:57:52.402000", "tags": [], "references": [ "https://www.virustotal.com/graph/embed/g9d2f61dd18c443eca657048cadaa14934a200af945d84c3db1ce20e297070444?theme=light", "https://www.virustotal.com/gui/collection/cbd406c63bbc5ab8b142173d98b65360ce761a2ab93e4aedd20cf4ef5da22158" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 240, "FileHash-SHA1": 240, "FileHash-SHA256": 240 }, "indicator_count": 720, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "361 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "https://darfe.es/ciberwiki/index.php?title=Remcos_(RAT)", "https://www.virustotal.com/gui/collection/cbd406c63bbc5ab8b142173d98b65360ce761a2ab93e4aedd20cf4ef5da22158", "https://www.virustotal.com/graph/embed/ga6a121deaab14cbba570c6a42d2068b64fc37efc689649718d1a373a40868225?theme=light", "https://www.virustotal.com/graph/embed/g9d2f61dd18c443eca657048cadaa14934a200af945d84c3db1ce20e297070444?theme=light" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Remcos - s0332" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "686a82342e73040112ca38cb", "name": "ACTIVIDAD MALICIOSA | Relacionada con Remcos Rat 06-07-2025", "description": "Remcos RAT, conocido tambi\u00e9n como Remote Control System, es un programa malicioso dise\u00f1ado para permitir a los atacantes tomar control remoto de un sistema sin el conocimiento del usuario. En t\u00e9rminos simples, es como si permitiera a alguien manipular tu computadora desde lejos. Este software malicioso suele ser distribuido de manera enga\u00f1osa, a menudo disfrazado de archivos aparentemente inofensivos o programas leg\u00edtimos. Una vez que infecta un sistema, permite a los ciberdelincuentes realizar una variedad de acciones, como el robo de informaci\u00f3n, la manipulaci\u00f3n de archivos y la ejecuci\u00f3n de comandos a distancia. Este tipo de herramienta es particularmente preocupante, ya que puede ser utilizada para actividades maliciosas y espionaje, comprometiendo la privacidad y la seguridad de los usuarios.", "modified": "2025-07-06T14:03:32.160000", "created": "2025-07-06T14:03:32.160000", "tags": [ "command", "control", "ta0001", "ta0011", "ta0040", "ta0007", "ta0006", "ta0009", "t1074", "access trojan" ], "references": [ "https://www.virustotal.com/graph/embed/ga6a121deaab14cbba570c6a42d2068b64fc37efc689649718d1a373a40868225?theme=light", "https://darfe.es/ciberwiki/index.php?title=Remcos_(RAT)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Remcos - S0332", "display_name": "Remcos - S0332", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 344, "FileHash-SHA1": 344, "FileHash-SHA256": 344 }, "indicator_count": 1032, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "328 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "683f37a29cd5147b747631c6", "name": "ACTIVIDAD MALICIOSA | Relacionada con archivos maliciosos no catalogados 03-06-2025", "description": "Relacionada con archivos maliciosos no catalogados 03-06-2025", "modified": "2025-06-03T17:57:52.402000", "created": "2025-06-03T17:57:52.402000", "tags": [], "references": [ "https://www.virustotal.com/graph/embed/g9d2f61dd18c443eca657048cadaa14934a200af945d84c3db1ce20e297070444?theme=light", "https://www.virustotal.com/gui/collection/cbd406c63bbc5ab8b142173d98b65360ce761a2ab93e4aedd20cf4ef5da22158" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 240, "FileHash-SHA1": 240, "FileHash-SHA256": 240 }, "indicator_count": 720, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "361 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "19ceee89b018cd4f112afbf80098d16a", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "19ceee89b018cd4f112afbf80098d16a", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780225665.764622 }