PULSE NAME
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
WHITE AlienVault 2022-11-03 Modified: 2022-11-03
21 IOCs
MEDIUM VOLUME
A threat actor known as RomCom is targeting UK-speaking countries, including the United Kingdom, through spoofed versions of SolarWinds, KeePass and PDF Reader Pro, according to BlackBerry.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RomCom
Indicators of Compromise (9 / 21 total)