popup

Cyber Threat Trends

  1. Week Month

Gemelli flickerflypro flickerfly

Summary: 2025/04/29 01:59

First reported date: 2021/05/07
Inquiry period : 2025/04/28 01:59 ~ 2025/04/29 01:59 (1 days), 1 search results

지난 7일 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 RemcosRAT NetWireRC Remcos 도 새롭게 확인됩니다.
기타 Low VBS abusech httpstcoPoOiqUwJjt VBScript 신규 키워드도 확인됩니다.

Remcos is a RAT type malware that attackers use to perform actions on infected machines remotely. This malware is extremely actively caped up to date with updates coming out almost every single month.

참고로 동일한 그룹의 악성코드 타입은 Remcos njRAT QuasarRAT 등 112개 종이 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1RemcosRAT 1 ▲ new
2Low 1 ▲ new
3VBS 1 ▲ new
4abusech 1 ▲ new
5httpstcoPoOiqUwJjt 1 ▲ new
6NetWireRC 1 ▲ new
7Remcos 1 ▲ new
8VBScript 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
RemcosRAT
1 (33.3%)
NetWireRC
1 (33.3%)
Remcos
1 (33.3%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Attack technique
Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company
Country & Company

This is a country or company that is an issue.

No data.

Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 1)
  Total keyword

RemcosRAT VBS NetWireRC Remcos VBScript

No Title Date
1Szabolcs Schmidt @smica83
Low detected #RemcosRAT VBS @abuse_ch https://t.co/PoOiqUwJjt https://t.co/pfcM1xjyZt		2025.04.28

News

(Total : 0)

No data.

Additional information

No Request Hash(md5) Report No Date
1 remcos_a.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne 		e3aecc3188eac24edb8e34f5044b3a6a589982025.04.14
2 pdf.ps1
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte 		642647cf863119977d7bd52e848e0cfe583952025.03.31
3 kent.ps1
Client SW User Data Stealer Backdoor RemcosRAT Formbook browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library Confuser .NET Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Co 		432719ce1459add67ebe4c01b47310f2580592025.03.13
4 nyoilsafkjawd.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		0bea38a3f664f5c8d72ab74db022aacd580452025.03.12
5 crossings.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		db59bfef32bc15d53bdf499dd1ae62c4580442025.03.12
View only the last 5
Level Description
danger File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning Disables Windows Security features
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No data
No URL CC ASN Co Reporter Date
1http://188.127.231.170/460/cent/camewithbesttechnologygivenmebestthingsentierimte______camewithbestt...
RemcosRAT 		RU RULLC Smart ApeDaveLikesMalwre2025.04.28
2http://178.173.244.118/wuBQR165.bin
GuLoader rat RemcosRAT 		AU AUWholesale Services Providerabuse_ch2025.04.27
3http://185.215.113.19//inc/file.exe
RemcosRAT 		anonymous2025.04.26
4http://185.215.113.19//inc/DEF.exe
RemcosRAT 		anonymous2025.04.26
5http://185.215.113.117//inc/DEF.exe
RemcosRAT 		abus3reports2025.04.26
View only the last 5
Beta Service, If you select keyword, you can check detailed information.