Just Another Blue Teamer · @LeeArchinal
60 followers · 100 posts · Server ioc.exchangeHappy Friday everyone! It is that time of year again and the adversaries know it! Microsoft Security reports that phishing attempts have been observed attempting to deliver the #RemcosRAT. Stay vigilant and Happy Hunting!
Threat actors strive to cause Tax Day headaches
https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #phishing #taxseason #readoftheday
#remcosrat #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting #phishing #taxseason #readoftheday
Brad · @malware_traffic
1222 followers · 24 posts · Server infosec.exchange
2022-11-21 (Monday) and 11-22 (Tuesday) - Some #AgentTesla and #RemcosRAT malware and #malspam examples - #pcaps are short, sanitized, carved files only containing the IOCs.
https://www.malware-traffic-analysis.net/2022/11/22/index.html
This traffic is from last week, but I just got around to posting it now.
Takes some time to properly sanitize the emails and pcap files, so I can share.
#agenttesla #remcosrat #malspam #pcaps #MastodonExclusive
Brad · @malware_traffic
537 followers · 11 posts · Server infosec.exchange
2022-11-16 (Wednesday) #MastodonExclusive post: Saw the same #Remcos #RAT malspam in serveral of my honeypot email accounts today.
#RemcosRAT C2 was 185.246.220[.]39:1307 using drremcoz1.ddns[.]net
Example of the email is available here: https://app.any.run/tasks/29fa382d-f7e2-4a16-b995-3272bfc6cfdf (also submitted to VT at https://www.virustotal.com/gui/file/4d494d86350d7e6c8a8d8fbae5db33530586fd1c3e500449cf363bd59a06784a)
#MastodonExclusive #remcos #rat #remcosrat
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Spread of Coronavirus-Themed Cyberattacks Persists with New Attacks - In cybersecurity circles, the Coronavirus is spurring anxiety over the virtual abuse of the deadly... more: https://threatpost.com/coronavirus-themed-cyberattacks-persists/153493/ #malwarehunterteam #zlab-yoroicybaze #microsoftoffice #websecurity #coronavirus #government #ibmx-force #kaspersky #remcosrat #backdoor #covid-19 #phishing #malware #email
#email #malware #phishing #covid #backdoor #remcosrat #kaspersky #ibmx #government #coronavirus #websecurity #microsoftoffice #zlab #malwarehunterteam