Pulse Detail — Threat Intelligence

PULSE NAME

RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom

WHITE AlienVault 2022-11-03 Modified: 2022-11-03

IOCs

MEDIUM VOLUME

A threat actor known as RomCom is targeting UK-speaking countries, including the United Kingdom, through spoofed versions of SolarWinds, KeePass and PDF Reader Pro, according to BlackBerry.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1199 T1110 T1218

MALWARE FAMILIES

RomCom

Indicators of Compromise (21)

All FileHash-MD5 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1a21a1e626fd342e794bcc3b06981d2c	—	2022-11-03
FileHash-MD5	4e4eca58b896bdb6db260f21edc7760a	—	2022-11-03
FileHash-MD5	550f42c5b555893d171285dc8b15b4b5	—	2022-11-03
FileHash-MD5	6310a2063687800559ae9d65cff21b0a	—	2022-11-03
FileHash-MD5	7c003b4f8b3c0ab0c3f8cb933e93d301	—	2022-11-03
FileHash-MD5	8284421bbb94f3c37f94899cdcd19afd	—	2022-11-03
FileHash-MD5	a7172aef66bb12e1bb40a557bb41e607	—	2022-11-03
FileHash-MD5	cb933f1c913144a8ca6cfcfd913d6d28	—	2022-11-03
FileHash-MD5	d1a84706767bfb802632a262912e95a8	—	2022-11-03
FileHash-SHA256	246dfe16a9248d7fb90993f6f28b0ebe87964ffd2dcdb13105096cde025ca614	—	2022-11-03
FileHash-SHA256	3252965013ec861567510d54a97446610edba5da88648466de6b3145266386d9	—	2022-11-03
FileHash-SHA256	596eaef93bdcd00a3aedaf6ad6d46db4429eeba61219b7e01b1781ebbf6e321b	—	2022-11-03
FileHash-SHA256	5f187393acdeb67e76126353c74b6080d3e6ccf28ae580658c670d8b6e4aacc1	—	2022-11-03
FileHash-SHA256	8b8dff5d30802fd79b76ee1531e7d050184a07570201ef1cd83a7bb8fa627cb0	—	2022-11-03
FileHash-SHA256	9d3b268416d3fab4322cc916d32e0b2e8fa0de370acd686873d1522306124fd2	—	2022-11-03
FileHash-SHA256	abe9635adbfee2d2fbaea140625c49abe3baa29c44fb53a65a9cda02121583ee	—	2022-11-03
FileHash-SHA256	ac09cbfee4cf89d7b7a755c387e473249684f18aa699eb651d119d19e25bff34	—	2022-11-03
FileHash-SHA256	f7013ce417fcba0f36c4b9bf5f8f6e0e2b14d6ed33ff4d384c892773508e932e	—	2022-11-03
domain	combinedresidency.org	—	2022-11-03
domain	dgtlocean.com	—	2022-11-03
domain	you-supported.com	—	2022-11-03

References (1)

↗ https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass