Remcos RAT - Indicators of Compromise
Last updated: 2026-04-18
C2 Domains (142)
C2 IP Addresses (139)
Malicious URLs (50)
Data Sources
MalwareBazaar (abuse.ch) • ThreatFox (abuse.ch) • URLhaus (abuse.ch)