Page 87 - Cyber Defense eMagazine October 2023
P. 87
Multistage Attacks-Malicious IPs and Server Infrastructure:
Below are a few screenshots of the malicious IPs hosting several malicious files including Remcos RAT
for multistage attack. The server hosting these malicious files is running the Apache web server on a
Windows 64-bit operating system. It also employs OpenSSL and PHP. The server is accessible on port
80, which is the default port for HTTP communication. Similar infrastructure is used for many of other
servers to host such malicious files and Remcos RAT.
Cyber Defense eMagazine – October 2023 Edition 87
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.