Trojan:Win32/Remcos
Remcos is used to take control of an infected system and collect system information like keystrokes, webcam images, screen captures, and passwords.
Remcos supports many control commands to perform various tasks on a victim’s device.
Depending on the command-and-control (C2) commands it receives, it can carry out further malicious activities, such as starting and stopping keyloggers, downloading files, deleting files, uploading files, opening and closing the camera, recording audio, displaying a warning message, and getting clipboard data.
Backdoor:MSIL/Remcos
Remcos is used to take control of an infected system and collect system information like keystrokes, webcam images, screen captures, and passwords.
Remcos supports many control commands to perform various tasks on a victim’s device.
Depending on the command-and-control (C2) commands it receives, it can carry out further malicious activities, such as starting and stopping keyloggers, downloading files, deleting files, uploading files, opening and closing the camera, recording audio, displaying a warning message, and getting clipboard data.
Backdoor:Win32/Remcos
Remcos is used to take control of an infected system and collect system information like keystrokes, webcam images, screen captures, and passwords.
Remcos supports many control commands to perform various tasks on a victim’s device.
Depending on the command-and-control (C2) commands it receives, it can carry out further malicious activities, such as starting and stopping keyloggers, downloading files, deleting files, uploading files, opening and closing the camera, recording audio, displaying a warning message, and getting clipboard data.
TrojanDownloader:O97M/Remcos
This is a detection for an RTF file with an equation object. It takes advantage of the Microsoft Office vulnerability CVE-2017-11882. It also downloads a Remcos payload.
TrojanDownloader:AutoIt/Remcos
Remcos is used to take control of an infected system and collect system information like keystrokes, webcam images, screen captures, and passwords.
Remcos supports many control commands to perform various tasks on a victim’s device.
Depending on the command-and-control (C2) commands it receives, it can carry out further malicious activities, such as starting and stopping keyloggers, downloading files, deleting files, uploading files, opening and closing the camera, recording audio, displaying a warning message, and getting clipboard data.