HOMETHREATSRemotePE
APT / THREAT GROUP

RemotePE

2
aliases
Last seen:Jun 11, 2026

Intelligence Profile

According to Fox-IT, RemotePE is the final-stage in-memory RAT that operates across multiple threads to handle C2 communication and command execution. It exposes a range of capabilities via a structured command set, including configuration, console access, file and process operations, and plugin support to dynamically load additional payloads. The framework emphasizes memory-only execution and encrypted, compressed exchanges with the C2, aiming to minimize forensic traces and enable long-term, stealthy control managed by an operator.

Threat Analysis

RemotePE is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning RemotePE

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

RemotePEwin.remotepe

External Intelligence

Malpedia: win.remotepe

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.