Tag: romcom

3 Attack Reports | 0 Vulnerabilities

Attack reports

Ukrainian and Polish entities targeted with RomCom malware variants

A Russian-speaking threat group, UAT-5647, has been conducting attacks against Ukrainian government entities and Polish targets since late 2023. The group has evolved its toolset to include four distinct malware families: RustClaw and MeltingClaw downloaders, DustyHammock backdoor, and ShadyHammock…
russia
ukraine
poland
romcom
2024-10-17
singlecamper
dustyhammock
shadyhammock
rustclaw
rustyclaw
meltingclaw
Published: October 17, 2024
Downloadable IOCs: 0

Inside SnipBot: The Latest RomCom Malware Variant

A novel version of the RomCom malware family called SnipBot has been discovered, revealing post-infection activity from attackers on victim systems. This new strain employs new tricks and unique code obfuscation methods beyond those seen in previous RomCom versions. The infection chain begins with …
romcom
2024-09-24
snipbot
Published: September 24, 2024
Downloadable IOCs: 38

Ransomware Roundup - Underground

The Underground ransomware, first observed in July 2023, targets Windows machines by encrypting files and demanding ransom. Attributed to the Russia-based RomCom group, it exploits CVE-2023-36884 and other common infection vectors. The ransomware deletes shadow copies, modifies RemoteDesktop settin…
windows
encryption
2024-09-02
romcom
data leak
CVE-2023-36884
storm-0978
underground
Published: September 2, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports