PULSE NAME
RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
WHITE RomCom goatluxy 2023-07-13 Modified: 2023-08-10
38 IOCs
MEDIUM VOLUME
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RomCom
Indicators of Compromise (38)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2022-30190 2023-07-13