Cybercrime, new email about an RFQ conveyed by Remcos via Modiloader
The compressed attachment contains an exe file: the loader, which contacts a url and downloads the final malware.
Cybercrime, the “Hesap hareketleriniz” email carries Remcos
A new zipped attachment contains an exe: the malware, while the text and C2s do not change from previous campaign waves.
Cybercrime, the Remcos bank-themed campaign changes template
The email, referring to an account statement of Garanti BBVA, now also contains an IBAN. The attachment is a compressed file in z format with an exe inside: the malware.
Cybercrime, Remcos campaign via DBatLoader/Modiloader
The xz attachment contains an exe: the loader, which contacts a url and downloads the final malware.
Cybercrime, Remcos arrives from Turkey via false account statement
The email rar attachment contains an exe file: the malware.
Cybercrime, the email “Request Quotation PO.230029” conveys Vjw0rm
The js in the rar attachment contacts a url to download and run an exe: the malware. The mail provider is the same as yesterday's Remcos campaign.
Cybercrime, Remcos “YOUR INQUIRY” campaign from China
The message z attachment contains an exe file: the malware.
Cybercrime, RemcosRat is hiding in a draft contract
The r17 attachment of the email with the subject "O/N O/186/1902" contains an exe file: the malware.
Cybercrime, RemcosRat goes from industrial engines
The exe attachment of the email from a French spare parts company is the malware.
Cybercrime, Remcos campaign via DBatLoader
The rar attachment contains an exe: the loader, which contacts a url and downloads the final malware.