PULSE NAME
Inside SnipBot: The Latest RomCom Malware Variant
WHITE CyberHunter_NL 2024-09-24 Modified: 2024-10-24
41 IOCs
MEDIUM VOLUME
Palo Alto Networks has discovered a new strain of the RomCom malware family that employs new tricks to evade detection, and it believes the strain is related to a major intelligence-gathering operation.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
RomCom SnipBot
Indicators of Compromise (2 / 41 total)
TYPE  INDICATOR  DESCRIPTION  CREATED
URL http://adobe.cloudcreative.digital/downloads/adobe/fontpackage/ 2024-09-24
URL http://temp.sh/VwnkO/AdobeFontPackCx6416.exe 2024-09-24