MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-02-18 09:46:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add RomCom aliases

Browse source
This commit is contained in:
Mathieu Beligon 2023-12-06 17:42:33 -08:00
parent ebd216e315
commit 79210345d0
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/threat-actor.json
View file

@ -11185,11 +11185,19 @@
"value": "APT-C-60"
},
{
"description": "RomCom",
"description": "ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.",
"meta": {
"refs": [
"https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass",
"https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries"
"https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries",
"https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html",
"https://labs.k7computing.com/index.php/romcom-rat-not-your-typical-love-story/",
"https://blogs.blackberry.com/en/2023/07/decoding-romcom-behaviors-and-opportunities-for-detection",
"https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html"
],
"country": "RU",
"synonyms": [
"Storm-0978"
]
},
"uuid": "ba9e1ed2-e142-48d0-a593-f73ac6d59ccd",