PULSE NAME
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
WHITE Void Rabisu AlienVault 2023-05-30 Modified: 2023-06-29
88 IOCs, HIGH VOLUME
Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. Trend Micro researchers have found that the use of RomCom in recent attacks suggests that the actor's motivations have shifted to geopolitical ones.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ROMCOM RAT
Indicators of Compromise (3 / 88 total)
TYPE           INDICATOR                                 DESCRIPTION  CREATED
FileHash-SHA1  fb73c97c17fdd5313a1a32dac5d0f226cee8f316               2023-05-30
FileHash-SHA1  af5c5274d7b850e0b95138580f98ff1f16845905               2023-05-30
FileHash-SHA1  607275dd0dd4e29542ef1a2c97475379a2e37cb8               2023-05-30