ioc[.]one - OSINT Cyber Threat Intelligence Database

RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)

Tags

country:	Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Impersonation - T1656 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	31cada44-105e-487b-b6de-1631ccece560
Fingerprint	b7a01d106907eee8
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 27, 2024, 1:45 p.m.
Added to db	Nov. 27, 2024, 3:39 p.m.
Last updated	Dec. 18, 2024, 11:44 p.m.
Headline	RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Title	RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Detected Hints/Tags/Attributes	57/3/36

Source URLs

	Redirection	Url
Details	Source	https://malware.news/t/romcom-backdoor-attacks-use-zero-day-exploits-in-mozilla-and-windows-cve-2024-9680-cve-2024-49039/88782

URL Provider

Details	Provider	Source level domain
Details	malware.news	malware.news

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	158	✔	Malware Analysis, News and Indicators - Latest topics	https://malware.news/latest.rss	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	88	cve-2024-9680
Details	CVE	80	cve-2024-49039
Details	Domain	5	redircorrectiv.com
Details	Domain	5	devolredir.com
Details	Domain	6	journalctd.live
Details	Domain	6	correctiv.sbs
Details	Domain	6	cwise.store
Details	Domain	5	redirconnectwise.cloud
Details	Domain	6	redjournal.cloud
Details	Domain	5	1drv.us.com
Details	Domain	6	economistjournal.cloud
Details	Domain	101	socradar.io
Details	File	14	utils.js
Details	File	4	main-tor.js
Details	File	3	main-128.js
Details	File	3	main-129.js
Details	File	4	poclowil.dll
Details	sha1	4	a4aad0e2ac1ee0c8dd25968fa4631805689757b6
Details	sha1	4	ca6f8966a3b2640f49b19434ba8c21832e77a031
Details	sha1	4	21918cfd17b378eb4152910f1246d2446f9b5b11
Details	sha1	4	703a25f053e356eb6ece4d16a048344c55dc89fd
Details	sha1	5	abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6
Details	sha1	4	a9d445b77f6f4e90c29e385264d4b1b95947add5
Details	IPv4	5	194.87.189.171
Details	IPv4	5	178.236.246.241
Details	IPv4	5	62.60.238.81
Details	IPv4	5	147.45.78.102
Details	IPv4	5	46.226.163.67
Details	IPv4	5	62.60.237.116
Details	IPv4	5	62.60.237.38
Details	IPv4	5	194.87.189.19
Details	IPv4	5	45.138.74.238
Details	IPv4	5	176.124.206.88
Details	Mandiant Uncategorized Groups	40	UNC2596
Details	Microsoft Threat Actor Naming Taxonomy (Groups in development)	97	Storm-0978
Details	Url	2	https://socradar.io/romcom-backdoor-attacks-mozilla-and-windows