| Alias Description | Votes |
|---|---|
| Cloudeye is a possible alias for Remcos. Cloudeye, also known as GuLoader, is a sophisticated malware that has been active for over three years and continues to evolve. First spotted in late 2019, it is an advanced shellcode-based malware downloader used to distribute a range of payloads, such as information stealers, while incorporating n | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The GuLoader Malware is associated with Remcos. GuLoader is a potent malware that has been causing significant cybersecurity concerns. It operates by infecting systems through suspicious downloads, emails, or websites and then proceeds to exploit the system, often stealing personal information, disrupting operations, or holding data hostage for r | Unspecified | 9 |
| The Xworm Malware is associated with Remcos. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 7 |
| The AsyncRAT Malware is associated with Remcos. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra | Unspecified | 6 |
| The Formbook Malware is associated with Remcos. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o | Unspecified | 5 |
| The Remcos Rat Malware is associated with Remcos. Remcos RAT is a fully functional Remote Access Trojan (RAT) malware, which has been increasingly deployed using creative techniques to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without being detected. Notably, the EXE payl | Unspecified | 4 |
| The QakBot Malware is associated with Remcos. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 4 |
| The Agent Tesla Malware is associated with Remcos. Agent Tesla is a well-known malware that primarily targets systems through phishing attacks, exploiting an outdated Microsoft Office vulnerability (CVE-2017-11882). This malicious software is designed to infiltrate computer systems, often without the user's knowledge, and can steal personal informat | Unspecified | 4 |
| The Qbot Malware is associated with Remcos. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23 | Unspecified | 3 |
| The Mallox Malware is associated with Remcos. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co | Unspecified | 3 |
| The Doublefinger Malware is associated with Remcos. DoubleFinger, a sophisticated malware originating from China, was reported in June 2023 to be used in complex attacks aimed at stealing cryptocurrency. The malware operates as a five-stage, shellcode-style loader that conceals its payloads within PNG image files, which it downloads from the image-sh | Unspecified | 3 |
| The Batcloak Malware is associated with Remcos. BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository | Unspecified | 3 |
| The Remcos Payload Malware is associated with Remcos. The Remcos payload is a form of malware that infiltrates computer systems and devices, causing significant damage by stealing personal information, disrupting operations, or holding data for ransom. The malware typically enters a system through suspicious downloads, emails, or websites without the u | Unspecified | 3 |
| The "The Protector" Malware is associated with Remcos. "The Protector" is a malware identified as the Visual Basic Script (VBS) version of GuLoader. This malicious software, designed to exploit and damage computer systems, infiltrates through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal infor | Unspecified | 2 |
| The Greetingghoul Malware is associated with Remcos. GreetingGhoul is a sophisticated malware designed to steal cryptocurrency, primarily deployed through the DoubleFinger loader, a five-stage shellcode-style loader that hides payloads in PNG image files. First reported on June 12, 2023, the DoubleFinger loader uses a technique known as Process Doppel | Unspecified | 2 |
| The yty Malware is associated with Remcos. In late January 2018, ASERT discovered a new modular malware framework known as "yty". This malicious software, designed to exploit and damage computer systems, was found to be associated with the Donot Team, a group known for its use of modular/plugin-based malware frameworks. The yty malware focus | Unspecified | 2 |
| The Targetcompany Malware is associated with Remcos. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o | Unspecified | 2 |
| The Lokibot Malware is associated with Remcos. LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information | Unspecified | 2 |
| The NETWIRE Malware is associated with Remcos. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at | Unspecified | 2 |
| The njRAT Malware is associated with Remcos. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d | Unspecified | 2 |
| The Amadey Malware is associated with Remcos. Amadey is a malicious software (malware) that has been known since 2018 and is notorious for stealing credentials from popular browsers and various Virtual Network Computing (VNC) systems. The malware, which is often sold in underground forums, uses sophisticated techniques to infect systems, includ | Unspecified | 2 |
| The Redline Stealer Malware is associated with Remcos. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects s | Unspecified | 2 |
| The Smokeloader Malware is associated with Remcos. SmokeLoader is a malicious software (malware) that acts as a loader for other malware, injecting malicious code into the currently running explorer process and downloading additional payloads to the system. It has been used in conjunction with Phobos ransomware by threat actors who exploit its funct | Unspecified | 2 |
| The Agenttesla Malware is associated with Remcos. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans | Unspecified | 2 |
| The Hijackloader Malware is associated with Remcos. HijackLoader is a new and rapidly growing malware in the cybercrime community, designed to exploit and damage computer systems. This malicious software infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once infiltrated, HijackLoader can steal personal | Unspecified | 2 |
| The Rhadamanthys Malware is associated with Remcos. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact | Unspecified | 2 |
| The Darkgate Malware is associated with Remcos. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio | Unspecified | 2 |
| The Systembc Malware is associated with Remcos. SystemBC is a type of malware, or malicious software, known for its disruptive and exploitative nature. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal personal information, interrupt operations, or hold data hostage f | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Darkme Threat Actor is associated with Remcos. DarkMe is a threat actor group, also known as DarkCasino or Water Hydra, that has been active since 2022. They have gained notoriety for their use of the Trojan DarkMe in large-scale cyberattacks, primarily targeting financial institutions. The Trojan DarkMe, a Visual Basic spy Trojan, is a common t | Unspecified | 3 |
| The Sidewinder Threat Actor is associated with Remcos. Sidewinder, a threat actor with a history of malicious activities dating back to 2012, has been linked to a series of sophisticated cyber threats targeting maritime facilities in multiple countries and government officials in Nepal. The group, believed to have South Asian origins, is known for its u | Unspecified | 2 |
| Source Link | CreatedAt |
|---|---|
| Unit42 | 6 days ago |
| DARKReading | a month ago |
| Fortinet | 2 months ago |
| InfoSecurity-magazine | 2 months ago |
| Malware-traffic-analysis.net | 3 months ago |
| Securelist | 4 months ago |
| SANS ISC | 5 months ago |
| DARKReading | 5 months ago |
| Securityaffairs | 5 months ago |
| Unit42 | 5 months ago |
| Securityaffairs | 5 months ago |
| Securityaffairs | 5 months ago |
| Flashpoint | 7 months ago |
| Securelist | 8 months ago |
| BankInfoSecurity | 8 months ago |
| Checkpoint | 8 months ago |
| DARKReading | 9 months ago |
| DARKReading | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |