Remcos RAT - Indicators of Compromise
Last updated: 2026-05-24
C2 Domains (169)
C2 IP Addresses (200)
Malicious URLs (57)
Data Sources
MalwareBazaar (abuse.ch) • ThreatFox (abuse.ch) • URLhaus (abuse.ch)