From 9ac53e5d5e5d02823ae60c9f05c969e192aefdea Mon Sep 17 00:00:00 2001 From: Thomas Dupuy Date: Fri, 4 Nov 2022 02:34:10 +0000 Subject: [PATCH] Add RomCom TA. --- clusters/threat-actor.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 0a0b740..767fd4b 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -9859,7 +9859,18 @@ }, "uuid": "6a83b2bf-0c51-4c9b-89b0-35df7cab1dd5", "value": "APT-Q-12" + }, + { + "description": "RomCom", + "meta": { + "refs": [ + "https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass", + "https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries" + ] + }, + "uuid": "ba9e1ed2-e142-48d0-a593-f73ac6d59ccd", + "value": "RomCom" } ], - "version": 250 + "version": 251 }