RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Common Information
Type Value
UUID 31cada44-105e-487b-b6de-1631ccece560
Fingerprint b7a01d106907eee8
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 27, 2024, 1:45 p.m.
Added to db Nov. 27, 2024, 3:39 p.m.
Last updated Dec. 4, 2024, 3:50 p.m.
Headline RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Title RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Detected Hints/Tags/Attributes 57/3/36
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 87
cve-2024-9680
Details CVE 77
cve-2024-49039
Details Domain 5
redircorrectiv.com
Details Domain 5
devolredir.com
Details Domain 6
journalctd.live
Details Domain 6
correctiv.sbs
Details Domain 6
cwise.store
Details Domain 5
redirconnectwise.cloud
Details Domain 6
redjournal.cloud
Details Domain 5
1drv.us.com
Details Domain 6
economistjournal.cloud
Details Domain 99
socradar.io
Details File 14
utils.js
Details File 4
main-tor.js
Details File 3
main-128.js
Details File 3
main-129.js
Details File 4
poclowil.dll
Details sha1 4
a4aad0e2ac1ee0c8dd25968fa4631805689757b6
Details sha1 4
ca6f8966a3b2640f49b19434ba8c21832e77a031
Details sha1 4
21918cfd17b378eb4152910f1246d2446f9b5b11
Details sha1 4
703a25f053e356eb6ece4d16a048344c55dc89fd
Details sha1 5
abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6
Details sha1 4
a9d445b77f6f4e90c29e385264d4b1b95947add5
Details IPv4 5
194.87.189.171
Details IPv4 5
178.236.246.241
Details IPv4 5
62.60.238.81
Details IPv4 5
147.45.78.102
Details IPv4 5
46.226.163.67
Details IPv4 5
62.60.237.116
Details IPv4 5
62.60.237.38
Details IPv4 5
194.87.189.19
Details IPv4 5
45.138.74.238
Details IPv4 5
176.124.206.88
Details Mandiant Uncategorized Groups 40
UNC2596
Details Microsoft Threat Actor Naming Taxonomy (Groups in development) 96
Storm-0978
Details Url 2
https://socradar.io/romcom-backdoor-attacks-mozilla-and-windows