Remcos

GPTKB entity

Statements (46)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | Remote Access Trojan |
| gptkbp:abusedBy | Cybercriminals |
| gptkbp:analyzes | Security researchers |
| gptkbp:canBeBypassedBy | gptkb:User_Account_Control_(UAC), Antivirus software |
| gptkbp:canBeCaptured | Audio, Webcam video, Screenshots |
| gptkbp:canDownload | gptkb:Files |
| gptkbp:canExecute | Commands remotely |
| gptkbp:canPersist | On infected system |
| gptkbp:canSteal | Browser credentials, Clipboard data, Email credentials, FTP credentials, VPN credentials |
| gptkbp:canUninstall | Itself |
| gptkbp:canUpload | gptkb:Files |
| gptkbp:category | gptkb:Remote_Administration_Tool, malware, Cybersecurity threat |
| gptkbp:communicatesVia | gptkb:HTTP, gptkb:TCP, gptkb:UDP, Custom protocols |
| gptkbp:detects | gptkb:Antivirus_vendors |
| gptkbp:developedBy | gptkb:Breaking_Security |
| gptkbp:firstAppearance | 2016 |
| https://www.w3.org/2000/01/rdf-schema#label | Remcos |
| gptkbp:notable_campaign | gptkb:COVID-19_phishing_campaigns, Banking credential theft campaigns, Targeted attacks on businesses |
| gptkbp:notableRelease | Itself |
| gptkbp:operatingSystem | gptkb:Windows |
| gptkbp:sells | Commercial software |
| gptkbp:spreadTo | Exploit kits, Malicious attachments, Phishing emails |
| gptkbp:usedFor | Surveillance, Malware distribution, Credential theft, Keylogging, Remote control of infected computers |
| gptkbp:website | https://breakingsecurity.net/remcos/ |
| gptkbp:bfsParent | gptkb:APT33 |
| gptkbp:bfsLayer | 6 |