IOCs · Remcos · threatengine.sh

IOCs

Indicators for Remcos

370 indicators · scoped to malware families · back to Remcos

Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

⚠

Indicators

100 of 370

url

hxxps://raw.githubusercontent.com/solid-23/ghy/refs/heads/main/kkArdSd.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/ab/refs/heads/main/AdkkSfA.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/solid-23/kl/refs/heads/main/mkFpIik.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/solid-23/job/refs/heads/main/fhhkmoo.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/gt/refs/heads/main/djkpodd.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/nb/refs/heads/main/SrdmaIk.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/hy/refs/heads/main/cAbdcfo.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/df/refs/heads/main/oicAjon.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/slaytonms/hi/refs/heads/main/peokjfS.txt

family remcos source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://80.253.251.8:5225/REFORESTGAL.VILAR-SL_NIEcopiaAusweis.pdf.lnk

family remcos source urlhaus first seen 2026-03-14 13:32:06 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://80.253.251.8:5225/Ausweis.js

family remcos source urlhaus first seen 2026-03-14 13:31:14 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://192.3.176.237/100/img_043611.png

family remcos source urlhaus first seen 2026-03-04 06:10:13 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://lpi0ngge6c.ufs.sh/f/6iUgXKGAnNfhv6ErsuPf2QHpJ59uZgXt1RD0dnyqcMGKeYi4

family remcos source urlhaus first seen 2026-03-03 06:19:11 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://lpi0ngge6c.ufs.sh/f/6iUgXKGAnNfhfkzVpT8zhFpeCvZscS8IaxlWKQyYEH0qrJ7G

family remcos source urlhaus first seen 2026-03-03 06:19:11 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://epaste.app/p/MYgb7ihl/raw

family remcos source urlhaus first seen 2026-03-03 06:19:11 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/respalditorespaldito/repalditopro/refs/heads/main/CRYP.t

family remcos source urlhaus first seen 2026-03-03 06:19:08 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://yaso.su/raw/utlwCJNi

family remcos source urlhaus first seen 2026-02-26 05:40:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://pastefy.app/WSBxlMpn/raw

family remcos source urlhaus first seen 2026-02-26 05:39:07 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://drive.google.com/uc?id=1YDCOOw9TkyO5_QFbdZcaqKD9hZDoUg7O

family remcos source urlhaus first seen 2024-12-13 14:36:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://dreamwatchevent.com/zp-user/Protected%20Client.js

family remcos source urlhaus first seen 2022-02-22 18:41:04 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

ip:port

5[.]101[.]81[.]163:47524