PULSE NAME: RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
WHITE RomCom goatluxy 2023-07-13 Modified: 2023-08-10
38 IOCs (MEDIUM VOLUME)
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: RomCom
Indicators of Compromise (15 / 38 total)