
TF-1833625 (severity: high)

Threat Title: Remcos: Domain that is used for botnet Command&control (C&C) taivvans.ydns.eu

Category: Remcos. Source: Threatfox IOCs/Threats.

Description

Indicator that identifies a botnet command&control server (C&C). IOC type: Domain that is used for botnet Command&control (C&C). Attributed malware: Remcos (aliases: RemcosRAT,Remvio,Socmer). Confidence: 75. First seen: 2026-06-17 23:50:58 UTC. Reporter: abuse_ch. Tags: remcos.

Remediations (10)

  • web:censys.com

    Executive Summary Remcos is a commercial remote access tool distributed by Breaking-Security and marketed as "Remote Administration Software." It supports remote command execution, file transfer, screen capture, keylogging, and credential collection over an HTTP or HTTPS command-and-control (C2) channel. Public reporting places initial development in the mid-2010s. Recent versions use a ...

  • web:github.com

    This repository details the findings from a recent incident response engagement involving a Remcos Remote Access Trojan (RAT) infection. My analysis focused on network traffic captured in a Packet Capture (PCAP) file to identify the malware's communication patterns, Command & Control (C2) infrastructure, and exfiltration activities.

  • web:threatfox.abuse.ch

    Remcos IOC: rem.ydns.eu (domain). You are viewing the ThreatFox database entry for domain rem.ydns.eu.

  • web:threatfox.abuse.ch

    Remcos IOC: sun-006.ydns.eu (domain). You are viewing the ThreatFox database entry for domain sun-006.ydns.eu.

  • web:www.aryaka.com

    How does Unified SASE as a Service help mitigate Remcos Infections? A Unified SASE framework integrates network security and zero-trust access controls to defend against threats like Remcos RAT, which uses command-and-control (C2) channels for data exfiltration and remote operations.

  • web:www.cyberdefensemagazine.com

    The discovery of multiple IPs hosting the Remcos RAT underscores the widespread reach of this threat: these IPs serve as conduits for delivering malicious payloads, and the dynamic nature of the infrastructure presents an intricate challenge for mitigation efforts.

  • web:www.cyberproof.com

    Remcos is a commercial Remote Access Tool (RAT) to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes but has been used in numerous hacking campaigns. Once installed, Remcos opens a backdoor on the device/computer, granting full access to the remote user.

  • web:www.elastic.co

    In previous articles in this multipart series, malware researchers on the Elastic Security Labs team dove into the REMCOS execution flow. In this article, you'll learn more about REMCOS configuration structure and its C2 commands.

  • web:www.fortinet.com

    The setting values tell Remcos how to do its work on the victim's device, including the C&C server IP address and port, Remcos' name, Remcos' mutex name (also registry key name), a Remcos license number, the keylogger's local log file, a couple of certificates used to verify and communicate with the C&C server, and several switch flags ...

  • web:www.pointwild.com

    Remcos RAT initializes by decrypting its configuration, setting persistence, and dynamically loading APIs to evade detection before establishing command-and-control (C2) communication. Its initialization sequence is designed to hide its true capabilities until runtime, making it more difficult. Remcos stores its configuration in encrypted or compressed form inside the binary.

Indicators of Compromise (1)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

domain taivvans.ydns.eu

IOC database

  • Type: domain
  • Value: taivvans.ydns.eu
  • Appears in: 1 threat (attached to this threat)
  • Description: Domain that is used for botnet Command&control (C&C) attributed to Remcos

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

References (3)

  • External reference Threatfox IOCs/Threats
  • Malpedia profile Threatfox IOCs/Threats
  • ThreatFox IOC page Threatfox IOCs/Threats