From 79210345d06d13299942fe55d0f644511afeaf8e Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 6 Dec 2023 17:42:33 -0800
Subject: [PATCH] [threat-actors] Add RomCom aliases

---
 clusters/threat-actor.json | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 51b059a..2820e30 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11185,11 +11185,19 @@
 "value": "APT-C-60"
 },
 {
- "description": "RomCom",
+ "description": "ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.",
 "meta": {
 "refs": [
 "https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass",
- "https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries"
+ "https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries",
+ "https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html",
+ "https://labs.k7computing.com/index.php/romcom-rat-not-your-typical-love-story/",
+ "https://blogs.blackberry.com/en/2023/07/decoding-romcom-behaviors-and-opportunities-for-detection",
+ "https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html"
+ ],
+ "country": "RU",
+ "synonyms": [
+ "Storm-0978"
 ]
 },
 "uuid": "ba9e1ed2-e142-48d0-a593-f73ac6d59ccd",
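Review bot: The new `synonyms` array lists only `Storm-0978`, although two of the references added in this same hunk are Trend Micro reports whose URLs name the actor `void-rabisu`, so consumers that correlate on `synonyms` will not map that vendor's naming to this cluster. Unless a separate Void Rabisu cluster exists elsewhere in the file (not visible here), the array should read `"synonyms": ["Storm-0978", "Void Rabisu"]`. The added `"country": "RU"` also states an attribution while one of the retained BlackBerry references still has "unattributed" in its URL; an `"attribution-confidence"` entry in `meta` would tell downstream users how much weight to give it. The cluster object continues past the end of the hunk, so its `value` and remaining fields could not be checked.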