Page 86 - Cyber Defense eMagazine October 2023

The sample we investigated in this report (Riotgames.exe: 5379d703170770355efdbce86dcdb1d3) is
Remcos RAT and was downloaded from a server hosted on IP "141[.]95[.]16[.]111".





















Constant Discovery and OSINT Insights:

According to our OSINT investigation, IPs/URLs that host Remcos RAT and deliver such malicious
payloads to infected machines are constantly reported by independent researchers, and such discoveries
have increased in the past two months. The following are several URLs/IPs, identified through OSINT
investigation, that host Remcos RAT, GuLoader and other malicious files.




























This month, several new IPs were reported hosting Remcos RAT.
















            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.