← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside SnipBot: The Latest RomCom Malware Variant
WHITE CyberHunter_NL 2024-09-24 Modified: 2024-10-24
41
IOCs
MEDIUM VOLUME
Palo Alto Networks has discovered a new strain of the RomCom malware family that employs new tricks to evade detection and evade attack, which it believes is related to a major intelligence-gathering operation.
c2 serversnipbotlocalappdatasha256romcomdownloadpdf filepublicsnipbot malwarec2 domainexplorervirustotalwinraraprilfebruarymainukrainealliancedesktopopengeneric
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RomCom SnipBot
Indicators of Compromise (41)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2024-3400 2024-09-24
FileHash-MD5 7f2e4a44445b977ef8917cc0fb79035b MD5 of 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-24
FileHash-MD5 c0e499402acb6c302228b4a7923d5db6 MD5 of 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-24
FileHash-SHA1 983332a5660ec6c28123e745023b41105775ab6f SHA1 of 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-24
FileHash-SHA1 cb3d3a7e39e7cdc8501ae0eff77d02a1c995bc31 SHA1 of 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-24
FileHash-SHA256 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-24
FileHash-SHA256 1cb4ff70f69c988196052eaacf438b1d453bbfb08392e1db3df97c82ed35c154 2024-09-24
FileHash-SHA256 2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4 2024-09-24
FileHash-SHA256 5390ba094cf556f9d7bbb00f90c9ca9e04044847c3293d6e468cb0aaeb688129 2024-09-24
FileHash-SHA256 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-24
FileHash-SHA256 5b30a5b71ef795e07c91b7a43b3c1113894a82ddffc212a2fa71eebc078f5118 2024-09-24
FileHash-SHA256 5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8 2024-09-24
FileHash-SHA256 60d96087c35dadca805b9f0ad1e53b414bcd3341d25d36e0190f1b2bbfd66315 2024-09-24
FileHash-SHA256 92c8b63b2dd31cf3ac6512f0da60dabd0ce179023ab68b8838e7dc16ef7e363d 2024-09-24
FileHash-SHA256 9f635fa106dbe7181b4162266379703b3fdf53408e5b8faa6aeee08f1965d3a2 2024-09-24
FileHash-SHA256 a2f2e88a5e2a3d81f4b130a2f93fb60b3de34550a7332895a084099d99a3d436 2024-09-24
FileHash-SHA256 b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045 2024-09-24
FileHash-SHA256 cfb1e3cc05d575b86db6c85267a52d8f1e6785b106797319a72dd6d19b4dc317 2024-09-24
FileHash-SHA256 e5812860a92edca97a2a04a3151d1247c066ed29ae6bbcf327d713fbad7e79e8 2024-09-24
FileHash-SHA256 f74ebf0506dc3aebc9ba6ca1e7460d9d84543d7dadb5e9912b86b843e8a5b671 2024-09-24
URL http://adobe.cloudcreative.digital/downloads/adobe/fontpackage/ 2024-09-24
domain certifysop.com 2024-09-24
domain cethernet.com 2024-09-24
domain cloudcreative.digital 2024-09-24
domain dns-msn.com 2024-09-24
domain docstorage.link 2024-09-24
domain drv2ms.com 2024-09-24
domain drvmcprotect.com 2024-09-24
domain fastshare.click 2024-09-24
domain fileshare.direct 2024-09-24
domain ilogicflow.com 2024-09-24
domain linedrv.com 2024-09-24
domain mcprotect.cloud 2024-09-24
domain olminx.com 2024-09-24
domain publicshare.link 2024-09-24
domain sitepanel.top 2024-09-24
domain webtimeapi.com 2024-09-24
domain xeontime.com 2024-09-24
hostname 1drv.fileshare.direct 2024-09-24
hostname adobe.cloudcreative.digital 2024-09-24
URL http://temp.sh/VwnkO/AdobeFontPackCx6416.exe 2024-09-24
References (1)
↗ https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/