{"id":133556,"date":"2025-11-18T11:03:15","date_gmt":"2025-11-18T11:03:15","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=133556"},"modified":"2025-11-18T11:06:24","modified_gmt":"2025-11-18T11:06:24","slug":"remcos-rat-c2-activity-mapped","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/","title":{"rendered":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications"},"content":{"rendered":"\n<p>Remcos, a commercial remote access tool distributed by Breaking-Security and marketed as administrative software, has become a serious threat in the cybersecurity landscape.<\/p>\n\n\n\n<p>Developed in the mid-2010s, this malware enables attackers to execute remote commands, steal files, capture screens, log keystrokes, and collect user credentials through command-and-control servers using HTTP or HTTPS channels.<\/p>\n\n\n\n<p>Despite being positioned as <a href=\"https:\/\/cybersecuritynews.com\/lazarus-hackers-altering-legitimate-software-packages\/\" target=\"_blank\" rel=\"noreferrer noopener\">legitimate software<\/a> with both free and paid versions, unauthorized copies are actively used in the wild for data theft and unauthorized system access.<\/p>\n\n\n\n<p>The malware spreads through email campaigns containing malicious attachments and files hosted on compromised websites.<\/p>\n\n\n\n<p>Attackers also use specialized loaders such as <a href=\"https:\/\/cybersecuritynews.com\/researchers-remcos-rat-and-guloader\/\" target=\"_blank\" rel=\"noreferrer noopener\">GuLoader<\/a> and Reverse Loader to deliver Remcos as a second-stage payload, allowing them to bypass initial detection systems.<\/p>\n\n\n\n<p>Once installed, the malware establishes persistence and maintains continuous communication with its control infrastructure, creating a reliable backdoor for ongoing attacks.<\/p>\n\n\n\n<p>Censys security analysts <a href=\"https:\/\/censys.com\/blog\/threat-overview-remcos-c2\" 
target=\"_blank\" rel=\"noreferrer noopener nofollow\">noted<\/a> that between October 14 and November 14, 2025, they consistently tracked over 150 active Remcos command-and-control servers worldwide.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-infrastructure\"><strong>Infrastructure<\/strong><\/h2>\n\n\n\n<p>This substantial infrastructure demonstrates the tool&#8217;s widespread adoption among threat actors.<\/p>\n\n\n\n<p>The servers typically operated on port 2404, the default choice for Remcos, with additional activity observed on ports 5000, 5060, 5061, 8268, and 8808, showing operators&#8217; flexibility in deployment strategies.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj7jFmbz8WYCK6qHgJQyxXt_fK4awj0YE_whu4vu8CsI9yLkenK4b-mIimovzAfIE-JAirkw_GcChbWLS92RrlSnAdC5WPvYMv7DuwrJcYOJ31Wjyv_kHu3I-FY_jBtXv3Dzv3i5RhOGu0QkU5IHqbrkrcuX5o1zXp7Jw5QXshRr-7lCJf0QnYrCphkmzc\/s16000\/Remcos%20persistence%20configuration%20(Source%20-%20Censys).webp\" alt=\"Remcos persistence configuration (Source - Censys)\" \/><figcaption class=\"wp-element-caption\">Remcos persistence configuration (Source &#8211; Censys)<\/figcaption><\/figure><\/div>\n\n\n<p>Understanding C2 Communication Networks reveals how Remcos maintains control. 
The malware communicates through HTTP and HTTPS protocols on predictable ports, with network traffic frequently containing encoded POST requests and unusual TLS configurations that create distinctive patterns.<\/p>\n\n\n\n<p>Operators typically reuse certificates across multiple servers, employ template-based setups, and leverage inexpensive hosting providers like COLOCROSSING, RAILNET, and CONTABO across the United States, Netherlands, Germany, and other countries.<\/p>\n\n\n\n<p>This infrastructure pattern enables network defenders to identify and block communications at detection points.<\/p>\n\n\n\n<p>The detected <a href=\"https:\/\/cybersecuritynews.com\/detecting-and-responding-to-new-nation-state-persistence-techniques\/\" target=\"_blank\" rel=\"noreferrer noopener\">persistence<\/a> mechanisms include Scheduled Tasks and Registry Run-key entries, allowing attackers to maintain access even after system restarts.<\/p>\n\n\n\n<p>This combination of command execution, file transfer capabilities, and resilient persistence makes Remcos particularly dangerous for organizations with weak security controls, requiring immediate <a href=\"https:\/\/cybersecuritynews.com\/network-monitoring-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">network monitoring<\/a> and endpoint detection measures.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remcos, a commercial remote access tool distributed by Breaking-Security and marketed as administrative software, has become a serious threat in the cybersecurity landscape. Developed in the mid-2010s, this malware enables attackers to execute remote commands, steal files, capture screens, log keystrokes, and collect user credentials through command-and-control servers using HTTP or HTTPS channels. Despite being [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":133626,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-133556","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications<\/title>\n<meta name=\"description\" content=\"Remcos, a remote access tool misused by 
attackers, spreads via malicious emails and enables data theft, keystroke logging, etc..\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications\" \/>\n<meta property=\"og:description\" content=\"Remcos, a remote access tool misused by attackers, spreads via malicious emails and enables data theft, keystroke logging, etc..\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-18T11:03:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-18T11:06:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp\" \/>\n\t<meta 
property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications","description":"Remcos, a remote access tool misused by attackers, spreads via malicious emails and enables data theft, keystroke logging, etc..","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/","og_locale":"en_US","og_type":"article","og_title":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications","og_description":"Remcos, a remote access tool misused by attackers, spreads via malicious emails and enables data theft, keystroke logging, etc..","og_url":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-18T11:03:15+00:00","article_modified_time":"2025-11-18T11:06:24+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp","type":"image\/jpeg"}],"author":"Tushar Subhra 
Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications","datePublished":"2025-11-18T11:03:15+00:00","dateModified":"2025-11-18T11:06:24+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/"},"wordCount":364,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security 
News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/","url":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/","name":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-18T11:03:15+00:00","dateModified":"2025-11-18T11:06:24+00:00","description":"Remcos, a remote access tool misused by attackers, spreads via malicious emails and enables data theft, keystroke logging, 
etc..","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#primaryimage","url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/remcos-rat-c2-activity-mapped\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News 
Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. 
With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiA90WI0xCUsh89-IlZ8QmJi-EmRE2qvZnNO4SmuLe7066Zy7BaurCRz4wa0vRaCeLITTfv3UQOgYEJzL1byerJlvuzYZm9ePgtdd3iL4rBaiwQtw1ADmvuxBLOy2PcyReGMbYItPL0qyurlz99FLcpynsbXVpILT0TS5sxiqq-HZm6LjShZ9S1kTbvAD0\/s16000\/Remcos%20RAT%20C2%20Activity%20Mapped%20Along%20With%20the%20Ports%20used%20for%20Communications.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=133556"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133556\/revisions"}],"predecessor-version":[{"id":133624,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133556\/revisions\/133624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/133626"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=133556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=133556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=133556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}