BLOG CERT SOGETI ESEC

Briefing Malware - 14/09/2021

14 September 2021 - Winners of week 37: Redline, NjRAT and Raccoon.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. Access is limited to our clients.

Threat statistics report

Publication date: 14/09/2021

Distribution: TLP:WHITE

What's new?

Remcos (MITRE ATT&CK ID: S0332)

New Remcos campaign in Italy

Remcos has entered the index for the first time in 2021, although it has been operational since 2016. Remcos was developed by an Italian malware developer, Viotto, advertised as remote control and surveillance software, and made available for purchase on underground hacking forums. The malware is now actively maintained by the firm “Breaking Security” (registered in Germany), which offers a Free and a Pro version together with a manual. Remcos is described as “an extensive and powerful Remote-Control tool, which can be used to fully administrate one or many computers, remotely”. It can be purchased with cryptocurrencies, supposedly for legitimate purposes such as pen-testing or audits; unfortunately, it is or has been also leveraged by malicious actors such as APT33, SilverTerrier and the Gorgon group.

Recently, malware hunter @JAMESWT studied a global malware campaign spread via phishing email. The attack consisted of a series of three emails sent by a credible-looking sender, “COSCO ASIA MANAGEMENT LTD”, with the same subject, “Request for quotation”. Although the request id differed, the content of the emails remained the same, each carrying a compressed archive file (.TAR) as an attachment. The archive drops Remcos, which then collects user activity as well as credentials and audio or video content.
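As an added example that is not part of the CERT briefing, the following Python script triages an inbound message for the indicators described above (a “Request for quotation” subject combined with a .TAR attachment containing an executable); the message, sender address and archive contents are constructed for the demonstration, and the archive is only listed, never extracted.

```python
import email
import io
import tarfile
from email import policy
from email.message import EmailMessage

# Constructed sample message modelled on the campaign described above:
# plausible business sender, "Request for quotation" subject, .TAR attachment.
def build_sample_message() -> bytes:
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "COSCO ASIA MANAGEMENT LTD <quotes@example.invalid>"  # constructed
    msg["To"] = "sales@example.invalid"
    msg["Subject"] = "Request for quotation RFQ-2021-0913"  # request id varies per mail
    msg.set_content("Please find our request attached.")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"MZ" + b"\x00" * 62  # constructed PE-like stub, not real code
        info = tarfile.TarInfo("Request_for_quotation.exe")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="x-tar", filename="RFQ.tar")
    return msg.as_bytes()

# File types that should never arrive inside an archive from an unknown sender.
SUSPECT_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1")

def triage(raw: bytes) -> dict:
    """Inspect a raw RFC 5322 message and report the campaign indicators found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"rfq_subject": False, "tar_attachments": [], "executables_inside": []}
    findings["rfq_subject"] = "request for quotation" in (msg["Subject"] or "").lower()
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".tar"):
            continue
        findings["tar_attachments"].append(name)
        payload = part.get_payload(decode=True)
        try:
            with tarfile.open(fileobj=io.BytesIO(payload), mode="r") as tar:
                for member in tar.getmembers():  # listing only; nothing is extracted
                    if member.isfile() and member.name.lower().endswith(SUSPECT_EXT):
                        findings["executables_inside"].append(member.name)
        except tarfile.TarError:
            # An archive that cannot be parsed is itself worth a closer look.
            findings["executables_inside"].append(f"<unreadable archive: {name}>")
    findings["quarantine"] = findings["rfq_subject"] and bool(findings["executables_inside"])
    return findings
```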

https://www.difesaesicurezza.com/areariservatacat/cybercrime-triplo-attacco-remcos-anche-in-italia-via-rfq/

https://breakingsecurity.net/remcos/


Download the report