Remcos RAT
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:43
- Modified
- 27/05/2026 21:40
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 73 attack patterns (mitre), 2 intrusion sets (apt), 9 sectors, 11 countries, 98 indicators, 7 vulnerabilities (cve), 21 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (73)
-
T1123 usesAudio Capture MITRE
-
T1060 uses
-
T1036.002 usesRight-to-Left Override MITRE
-
T1047 usesWindows Management Instrumentation MITRE
-
Steganography usesT1001.002 MITRE
-
T1573.002 usesAsymmetric Cryptography MITRE
-
T1055 usesProcess Injection MITRE
-
T1125 usesVideo Capture MITRE
-
T1560.001 usesArchive via Utility MITRE
-
T1041 usesExfiltration Over C2 Channel MITRE
-
T1564.001 usesHidden Files and Directories MITRE
-
T1569.002 usesService Execution MITRE
Intrusion sets (APT) (2)
-
BlindEagle usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TAG-144 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (9)
-
Finance targets
-
Education targets
-
Healthcare targets
-
Technology targets
-
Manufacturing targets
-
Defense targets
-
Government targets
-
Telecommunications targets
-
Logistics targets
Countries (11)
-
Australia targets
-
Panama targets
-
Chile targets
-
British Indian Ocean Territory targets
-
China targets
-
Germany targets
-
Finland targets
-
Poland targets
-
Belarus targets
-
Ecuador targets
-
South Africa targets
Indicators (98)
-
stix 100/100· Valid until 22/08/2026 · Source: AlienVault
-
stix 100/100· Valid until 22/08/2026 · Source: AlienVault
-
stix 100/100· Valid until 22/08/2026 · Source: AlienVault
-
cristiansantodomingo203010.con-ip.comindicatesstix 100/100· Valid until 01/08/2026 · Source: AlienVault
Vulnerabilities (CVE) (7)
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Attack vector
- Network
- Published
- 11/03/2025
- Modified
- 27/05/2026
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …
- Attack vector
- Network
- Published
- 20/10/2025
- Modified
- 27/05/2026
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a …
- Attack vector
- Network
- Published
- 12/11/2024
- Modified
- 27/05/2026
Reports (21)
-
AlienVault Confidence 100 20 MITREs 4 Malwares 9 IOCs 9 Observables
-
16 MITREs 2 Malwares 4 Observables
-
18 MITREs 5 Malwares 28 Observables
-
8 MITREs 1 Malware 12 Observables
-
2 Malwares 2 Observables
-
11 MITREs 1 Malware 3 Observables
-
5 CVEs 11 MITREs 5 Malwares 3 Observables 1 APT
-
15 MITREs 4 Malwares
-
12 Malwares 1 APT
-
11 MITREs 1 Malware 5 Observables
-
10 MITREs 3 Malwares
-
8 MITREs 4 Malwares