← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside SnipBot: The Latest RomCom Malware Variant
WHITE ghitansilviu@gmail.com 2024-09-30 Modified: 2024-10-30
56
IOCs
HIGH VOLUME
Palo Alto Networks has discovered a new strain of the RomCom malware family that employs new tricks to evade detection and evade attack, which it believes is related to a major intelligence-gathering operation.
c2 serversnipbotlocalappdatasha256romcomdownloadpdf filepublicsnipbot malwarec2 domainexplorervirustotalwinraraprilfebruarymainukrainealliancedesktopopengeneric
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RomCom SnipBot
Indicators of Compromise (56)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2024-3400 2024-09-30
FileHash-MD5 0cd8736a915e8e32ddeda21ed462670b MD5 of cfb1e3cc05d575b86db6c85267a52d8f1e6785b106797319a72dd6d19b4dc317 2024-09-30
FileHash-MD5 36d4903ffafa75c00460292881b5dad7 MD5 of 5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8 2024-09-30
FileHash-MD5 43cc1f2f07c1c1c7f69075d81332f95e MD5 of 5b30a5b71ef795e07c91b7a43b3c1113894a82ddffc212a2fa71eebc078f5118 2024-09-30
FileHash-MD5 524dda2410cc7ee8cc326ca42cebd7dd MD5 of a2f2e88a5e2a3d81f4b130a2f93fb60b3de34550a7332895a084099d99a3d436 2024-09-30
FileHash-MD5 5d3e1102a61fc139018465a844b83652 MD5 of f74ebf0506dc3aebc9ba6ca1e7460d9d84543d7dadb5e9912b86b843e8a5b671 2024-09-30
FileHash-MD5 6fa6dd331844ee5cfe20c74353c1e442 MD5 of 5390ba094cf556f9d7bbb00f90c9ca9e04044847c3293d6e468cb0aaeb688129 2024-09-30
FileHash-MD5 7f2e4a44445b977ef8917cc0fb79035b MD5 of 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-30
FileHash-MD5 c0e499402acb6c302228b4a7923d5db6 MD5 of 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-30
FileHash-MD5 d69cf309cb0e5d91237c6454e0e0dc45 MD5 of 2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4 2024-09-30
FileHash-MD5 fa400cb70d13cb329d05877b8fe73ed5 MD5 of b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045 2024-09-30
FileHash-SHA1 0fa5bfed7dafbe248f436a6b6ca4b08e7e859fd4 SHA1 of b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045 2024-09-30
FileHash-SHA1 16572311d9007d226f2e6d0abc3b980ffbc7521d SHA1 of 5390ba094cf556f9d7bbb00f90c9ca9e04044847c3293d6e468cb0aaeb688129 2024-09-30
FileHash-SHA1 42673214d773b6af23944a65f47d2841bad75de7 SHA1 of a2f2e88a5e2a3d81f4b130a2f93fb60b3de34550a7332895a084099d99a3d436 2024-09-30
FileHash-SHA1 520be5d84f7831854e5cb6eeebcafd55c3954aa6 SHA1 of 5b30a5b71ef795e07c91b7a43b3c1113894a82ddffc212a2fa71eebc078f5118 2024-09-30
FileHash-SHA1 55aa2f684faa55b69fd559a142acee593ddf863c SHA1 of 5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8 2024-09-30
FileHash-SHA1 8cee4097fab131c00659cea09ff4c920be823a19 SHA1 of f74ebf0506dc3aebc9ba6ca1e7460d9d84543d7dadb5e9912b86b843e8a5b671 2024-09-30
FileHash-SHA1 94fe1c6de60134ca6c0b9a36bba72aeb6c27bf6b SHA1 of cfb1e3cc05d575b86db6c85267a52d8f1e6785b106797319a72dd6d19b4dc317 2024-09-30
FileHash-SHA1 983332a5660ec6c28123e745023b41105775ab6f SHA1 of 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-30
FileHash-SHA1 b37640cc1ef9354808562ced599a5ff0923156ac SHA1 of 2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4 2024-09-30
FileHash-SHA1 cb3d3a7e39e7cdc8501ae0eff77d02a1c995bc31 SHA1 of 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-30
FileHash-SHA256 0be3116a3edc063283f3693591c388eec67801cdd140a90c4270679e01677501 2024-09-30
FileHash-SHA256 1cb4ff70f69c988196052eaacf438b1d453bbfb08392e1db3df97c82ed35c154 2024-09-30
FileHash-SHA256 2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4 2024-09-30
FileHash-SHA256 5390ba094cf556f9d7bbb00f90c9ca9e04044847c3293d6e468cb0aaeb688129 2024-09-30
FileHash-SHA256 57e59b156a3ff2a3333075baef684f49c63069d296b3b036ced9ed781fd42312 2024-09-30
FileHash-SHA256 5b30a5b71ef795e07c91b7a43b3c1113894a82ddffc212a2fa71eebc078f5118 2024-09-30
FileHash-SHA256 5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8 2024-09-30
FileHash-SHA256 60d96087c35dadca805b9f0ad1e53b414bcd3341d25d36e0190f1b2bbfd66315 2024-09-30
FileHash-SHA256 92c8b63b2dd31cf3ac6512f0da60dabd0ce179023ab68b8838e7dc16ef7e363d 2024-09-30
FileHash-SHA256 9f635fa106dbe7181b4162266379703b3fdf53408e5b8faa6aeee08f1965d3a2 2024-09-30
FileHash-SHA256 a2f2e88a5e2a3d81f4b130a2f93fb60b3de34550a7332895a084099d99a3d436 2024-09-30
FileHash-SHA256 b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045 2024-09-30
FileHash-SHA256 cfb1e3cc05d575b86db6c85267a52d8f1e6785b106797319a72dd6d19b4dc317 2024-09-30
FileHash-SHA256 e5812860a92edca97a2a04a3151d1247c066ed29ae6bbcf327d713fbad7e79e8 2024-09-30
FileHash-SHA256 f74ebf0506dc3aebc9ba6ca1e7460d9d84543d7dadb5e9912b86b843e8a5b671 2024-09-30
URL http://adobe.cloudcreative.digital/downloads/adobe/fontpackage/ 2024-09-30
domain certifysop.com 2024-09-30
domain cethernet.com 2024-09-30
domain cloudcreative.digital 2024-09-30
domain dns-msn.com 2024-09-30
domain docstorage.link 2024-09-30
domain drv2ms.com 2024-09-30
domain drvmcprotect.com 2024-09-30
domain fastshare.click 2024-09-30
domain fileshare.direct 2024-09-30
domain ilogicflow.com 2024-09-30
domain linedrv.com 2024-09-30
domain mcprotect.cloud 2024-09-30
domain olminx.com 2024-09-30
domain publicshare.link 2024-09-30
domain sitepanel.top 2024-09-30
domain webtimeapi.com 2024-09-30
domain xeontime.com 2024-09-30
hostname 1drv.fileshare.direct 2024-09-30
hostname adobe.cloudcreative.digital 2024-09-30
References (1)
↗ https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/