PULSE NAME
Inside SnipBot: The Latest RomCom Malware Variant
WHITE CyberHunter_NL 2024-09-24 Modified: 2024-10-24
41 IOCs
MEDIUM VOLUME
Palo Alto Networks has discovered a new strain of the RomCom malware family that employs new tricks to evade detection, and which it believes is related to a major intelligence-gathering operation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RomCom SnipBot
Indicators of Compromise (2 / 41 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA1 | 983332a5660ec6c28123e745023b41105775ab6f | SHA1 of 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 | 2024-09-24
FileHash-SHA1 | cb3d3a7e39e7cdc8501ae0eff77d02a1c995bc31 | SHA1 of 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 | 2024-09-24