Multistage Attacks-Malicious IPs and Server Infrastructure:

            Below are a few screenshots of the malicious IPs hosting several malicious files including Remcos RAT
            for multistage attack. The server hosting these malicious files is running the Apache web server on a
            Windows 64-bit operating system. It also employs OpenSSL and PHP. The server is accessible on port
            80, which is the default port for HTTP communication. Similar infrastructure is used for many of other
            servers to host such malicious files and Remcos RAT.




















            Cyber Defense eMagazine – October 2023 Edition                                                                                                                                                                                                          87
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.