Multiple spear phishing campaigns tried to spread Remcos RAT. It targets Oil comapines, maritime equipment manufacturer and energy sector. It is spread by Microsoft Office documents and Excel spreadsheets. Most notably it target Turkish defense contractors. The phishing mail sent appears for Turkish Tax collection department. The content of the file appear blur which encourage the victim to enable Macros so that it can install backdoor.
Remcos Pishing Sample Document Download
Remcos RAT Signatures
Remcos RAT Sample Download
Password of the archive is infected