SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): APT33, The Gorgon Group, UAC-0050
Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.
Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.
Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.
Remcos is developed by the cybersecurity company BreakingSecurity.
2024-07-29
⋅
loginsoft
⋅
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground Daolpu HijackLoader Remcos |
2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
2024-06-06
⋅
Medium b.magnezi
⋅
Remcos RAT Analysis Remcos |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2024-05-10
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four Remcos |
2024-05-03
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Three Remcos |
2024-04-30
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Two Remcos |
2024-04-24
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part One Remcos |
2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
2024-03-26
⋅
K7 Security
⋅
Unknown TTPs of Remcos RAT Remcos |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-21
⋅
Medium b.magnezi
⋅
Malware Analysis — Remcos RAT Remcos |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-03
⋅
Uptycs
⋅
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion Remcos |
2023-12-07
⋅
⋅
Cert-UA
⋅
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) Meduza Stealer Remcos |
2023-11-23
⋅
Infosec Writeups
⋅
Malware analysis Remcos RAT- 4.9.2 Pro Remcos |
2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-14
⋅
SOC Prime
⋅
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine Remcos UAC-0050 |
2023-10-27
⋅
Twitter (@embee_research)
⋅
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-09-19
⋅
Checkpoint
⋅
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos CloudEyE Remcos |
2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-07-08
⋅
CloudEyE — From .lnk to Shellcode CloudEyE Remcos |
2023-05-16
⋅
CyberRaiju
⋅
Remcos RAT - Malware Analysis Lab Remcos |
2023-04-13
⋅
Microsoft
⋅
Threat actors strive to cause Tax Day headaches CloudEyE Remcos |
2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-27
⋅
Zscaler
⋅
DBatLoader: Actively Distributing Malwares Targeting European Businesses DBatLoader Remcos |
2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
2023-02-22
⋅
SOC Prime
⋅
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware Remcos UAC-0050 |
2023-02-21
⋅
⋅
Cert-UA
⋅
Cyber attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011) Remcos UAC-0050 |
2023-02-06
⋅
⋅
Cert-UA
⋅
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926) Remcos UAC-0050 |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2022-11-21
⋅
Malwarebytes
⋅
2022-11-21 Threat Intel Report 404 Keylogger Agent Tesla Formbook Hive Remcos |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-09-22
⋅
Morphisec
⋅
Watch Out For The New NFT-001 Eternity Stealer Remcos |
2022-08-29
⋅
Soc Investigation
⋅
Remcos RAT New TTPS - Detection & Response Remcos |
2022-08-21
⋅
Perception Point
⋅
Behind the Attack: Remcos RAT Remcos |
2022-08-04
⋅
ConnectWise
⋅
Formbook and Remcos Backdoor RAT by ConnectWise CRU Formbook Remcos |
2022-07-20
⋅
Sophos
⋅
OODA: X-Ops Takes On Burgeoning SQL Server Attacks Maoloa Remcos TargetCompany |
2022-05-05
⋅
Github (muha2xmad)
⋅
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs Remcos |
2022-04-12
⋅
HP
⋅
Malware Campaigns Targeting African Banking Sector CloudEyE Remcos |
2022-04-06
⋅
Fortinet
⋅
The Latest Remcos RAT Driven By Phishing Campaign Remcos |
2022-03-30
⋅
Morphisec
⋅
New Wave Of Remcos RAT Phishing Campaign Remcos |
2022-03-25
⋅
Trustwave
⋅
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns Remcos |
2022-03-07
⋅
ASEC
⋅
Distribution of Remcos RAT Disguised as Tax Invoice Remcos |
2022-03-04
⋅
Bleeping Computer
⋅
Russia-Ukraine war exploited as lure for malware distribution Agent Tesla Remcos |
2022-03-04
⋅
Bitdefender
⋅
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine Agent Tesla Remcos |
2022-02-28
⋅
⋅
ASEC
⋅
Remcos RAT malware disseminated by pretending to be tax invoices Remcos |
2022-02-18
⋅
SANS ISC
⋅
Remcos RAT Delivered Through Double Compressed Archive Remcos |
2022-02-14
⋅
Morphisec
⋅
Journey of a Crypto Scammer - NFT-001 AsyncRAT BitRAT Remcos |
2022-02-08
⋅
Remcos Analysis Remcos |
2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-01-28
⋅
eSentire
⋅
Remcos RAT Remcos |
2022-01-13
⋅
muha2xmad
⋅
Unpacking Remcos malware Remcos |
2022-01-10
⋅
splunk
⋅
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021 Remcos |
2022-01-02
⋅
Medium amgedwageh
⋅
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT Remcos |
2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
2021-11-23
⋅
HP
⋅
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos |
2021-11-23
⋅
Morphisec
⋅
Babadeda Crypter targeting crypto, NFT, and DeFi communities Babadeda BitRAT LockBit Remcos |
2021-11-11
⋅
splunk
⋅
FIN7 Tools Resurface in the Field – Splinter or Copycat? JSSLoader Remcos |
2021-10-27
⋅
Proofpoint
⋅
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns Nanocore RAT Remcos TA2722 |
2021-10-06
⋅
ESET Research
⋅
To the moon and hack: Fake SafeMoon app drops malware to spy on you Remcos |
2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
2021-09-15
⋅
Telsy
⋅
REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs) AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-08-04
⋅
⋅
ASEC
⋅
S/W Download Camouflage, Spreading Various Kinds of Malware Raccoon RedLine Stealer Remcos Vidar |
2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
2021-07-19
⋅
Malwarebytes
⋅
Remcos RAT delivered via Visual Basic Remcos |
2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-05-13
⋅
Anomali
⋅
Threat Actors Use MSBuild to Deliver RATs Filelessly Remcos |
2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-03-18
⋅
Cybereason
⋅
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware NetWire RC Remcos |
2021-03-16
⋅
Morphisec
⋅
Tracking HCrypt: An Active Crypter as a Service AsyncRAT LimeRAT Remcos |
2021-02-18
⋅
PTSecurity
⋅
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
2021-01-13
⋅
Bitdefender
⋅
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign Remcos |
2021-01-11
⋅
ESET Research
⋅
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2020-12-07
⋅
Proofpoint
⋅
Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
2020-11-18
⋅
G Data
⋅
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-13
⋅
Github (1d8)
⋅
Remcos RAT Macro Dropper Doc Remcos |
2020-06-11
⋅
Talos Intelligence
⋅
Tor2Mine is up to their old tricks — and adds a few new ones Azorult Remcos |
2020-05-20
⋅
Zscaler
⋅
Latest Version of Amadey Introduces Screen Capturing and Pushes the Remcos RAT Amadey Remcos |
2020-05-14
⋅
360 Total Security
⋅
Vendetta - new threat actor from Europe Nanocore RAT Remcos |
2020-05-14
⋅
SophosLabs
⋅
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-04-02
⋅
Cisco Talos
⋅
AZORult brings friends to the party Azorult Remcos |
2020-03-20
⋅
Bitdefender
⋅
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
2020-03-18
⋅
Proofpoint
⋅
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2019-10-21
⋅
Fortinet
⋅
New Variant of Remcos RAT Observed In the Wild Remcos |
2019-09-26
⋅
Proofpoint
⋅
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-09-07
⋅
Dissecting Malware
⋅
Malicious RATatouille Remcos |
2019-08-22
⋅
Youtube (OALabs)
⋅
Remcos RAT Unpacked From VB6 With x64dbg Debugger Remcos |
2019-08-15
⋅
Trend Micro
⋅
Analysis: New Remcos RAT Arrives Via Phishing Email Remcos |
2019-06-19
⋅
Check Point
⋅
Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany Remcos |
2019-05-08
⋅
VMRay
⋅
Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0 Remcos |
2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
2018-08-22
⋅
Cisco Talos
⋅
Picking Apart Remcos Botnet-In-A-Box Remcos |
2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-03-02
⋅
KrabsOnSecurity
⋅
Analysing Remcos RAT’s executable Remcos |
2018-03-01
⋅
My Online Security
⋅
Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments Remcos |
2018-01-23
⋅
RiskIQ
⋅
Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors Remcos |
2017-12-22
⋅
Malware Traffic Analysis
⋅
MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT Remcos |
2017-07-01
⋅
Secrary Blog
⋅
Remcos RAT Remcos |
2017-02-14
⋅
Fortinet
⋅
REMCOS: A New RAT In The Wild Remcos |