{ "Event": { "analysis": "0", "date": "2022-08-29", "extends_uuid": "", "info": "Remcos RAT New TTPS \u2013 Detection & Response", "publish_timestamp": "1666619765", "published": true, "threat_level_id": "1", "timestamp": "1661935212", "uuid": "be8c3307-4b09-4ddf-af24-41c2385d8036", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Remcos\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"Remcos - S0332\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:rat=\"Remcos\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929982", "to_ids": true, "type": "md5", "uuid": "df994929-4233-49d8-8ee1-fe74efa43e04", "value": "6d25e04e66cccb61648f34728af7c2f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929982", "to_ids": true, "type": "md5", "uuid": "9968fbe6-da06-43b8-a264-f972a350bc74", "value": "f331c18c3f685d245d40911d3bd20519" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929982", "to_ids": true, "type": "md5", "uuid": "3276f7e4-03a3-4c09-9d4d-e8a0dcd39e05", "value": "8cea687c5c02c9b71303c53dc2641f03" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929997", "to_ids": true, "type": "url", "uuid": "5510130e-924e-4efc-9b33-76ac8c0b5495", "value": "http://geoplugin.net/json.gp" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929997", "to_ids": true, "type": "hostname", "uuid": "54ec8646-3bba-4695-85be-3399b0294058", "value": "falimore001.hopto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929997", "to_ids": true, "type": "ip-dst", "uuid": "da77edf5-854d-4a5c-ae31-cdc72e63c2ab", "value": "178.237.33.50" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661929997", "to_ids": true, "type": "ip-dst", "uuid": "0116dee7-8bb3-44d5-89ee-0e48099ec265", "value": "194.147.140.29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661930088", "to_ids": true, "type": "sha256", "uuid": "e47a293f-bb9c-486d-8d1d-1ababb321a9e", "value": "bf7212910de7bff455c3b3fe4b3a1a05059fe0da0c29e69b3aef492fe2a66fc0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661930088", "to_ids": true, "type": "sha256", "uuid": "43213f12-3d3d-4e84-9304-ad3e97814c35", "value": "af9596cf630f0f3e6e453ac8bdd6671f84feb65a057483ec5f620d04f4068209" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661930088", "to_ids": true, "type": "sha256", "uuid": "ca123a03-e340-441a-aa28-ab5fd1284558", "value": "e2816883a7a514fe1a3fbce95c04c2fc735f0c7ab872f7c23978388c42aea5c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661935212", "to_ids": true, "type": "filename", "uuid": "2eb72bd3-77a7-4040-aae7-2879896ca54e", "value": "%WINDIR%\\Microsoft.NET\\Framework64\\v4.0.30319\\vbc.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1661935212", "to_ids": true, "type": "filename", "uuid": "640fee1c-2637-4c90-bf25-ef1563fcca05", "value": "%WINDIR%\\Microsoft.NET\\Framework64\\v4.0.30319\\vbc.exe.config" } ], "Object": [ { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "7", "timestamp": "1661863367", "uuid": "53d47357-bc5c-4c53-b3d5-fca18380b817", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1661863367", "to_ids": false, "type": "link", "uuid": "7bbed825-6ab9-4612-887e-1623b04429bb", "value": "https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/" } ] }, { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "7", "timestamp": "1661868209", "uuid": "06ec68ed-5627-4d27-b9c0-3fe3e0b9e50a", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1661868209", "to_ids": false, "type": "link", "uuid": "c51bbd6b-ba7a-4370-97fb-09972c3b3b0d", "value": "https://otx.alienvault.com/pulse/630cbb6eb1975f82211a702f" } ] } ] } }