RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) - SOCRadar® Cyber Intelligence Inc.
Tags
country: | Ukraine |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Impersonation - T1656 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | 5c4031b7-ff49-41e6-8559-42900b9290ba |
Fingerprint | b7a019104b07efe8 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 27, 2024, 4:43 p.m. |
Added to db | Nov. 27, 2024, 3:40 p.m. |
Last updated | Dec. 4, 2024, 11:52 a.m. |
Headline | RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) |
Title | RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) - SOCRadar® Cyber Intelligence Inc. |
Detected Hints/Tags/Attributes | 58/3/34 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://socradar.io/romcom-backdoor-attacks-mozilla-and-windows/ |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 238 | ✔ | SOCRadar® Cyber Intelligence Inc. | https://socradar.io/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 87 | cve-2024-9680 |
|
Details | CVE | 77 | cve-2024-49039 |
|
Details | Domain | 5 | redircorrectiv.com |
|
Details | Domain | 5 | devolredir.com |
|
Details | Domain | 6 | journalctd.live |
|
Details | Domain | 6 | correctiv.sbs |
|
Details | Domain | 6 | cwise.store |
|
Details | Domain | 5 | redirconnectwise.cloud |
|
Details | Domain | 6 | redjournal.cloud |
|
Details | Domain | 5 | 1drv.us.com |
|
Details | Domain | 6 | economistjournal.cloud |
|
Details | File | 14 | utils.js |
|
Details | File | 4 | main-tor.js |
|
Details | File | 3 | main-128.js |
|
Details | File | 3 | main-129.js |
|
Details | File | 4 | poclowil.dll |
|
Details | sha1 | 4 | a4aad0e2ac1ee0c8dd25968fa4631805689757b6 |
|
Details | sha1 | 4 | ca6f8966a3b2640f49b19434ba8c21832e77a031 |
|
Details | sha1 | 4 | 21918cfd17b378eb4152910f1246d2446f9b5b11 |
|
Details | sha1 | 4 | 703a25f053e356eb6ece4d16a048344c55dc89fd |
|
Details | sha1 | 5 | abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6 |
|
Details | sha1 | 4 | a9d445b77f6f4e90c29e385264d4b1b95947add5 |
|
Details | IPv4 | 5 | 194.87.189.171 |
|
Details | IPv4 | 5 | 178.236.246.241 |
|
Details | IPv4 | 5 | 62.60.238.81 |
|
Details | IPv4 | 5 | 147.45.78.102 |
|
Details | IPv4 | 5 | 46.226.163.67 |
|
Details | IPv4 | 5 | 62.60.237.116 |
|
Details | IPv4 | 5 | 62.60.237.38 |
|
Details | IPv4 | 5 | 194.87.189.19 |
|
Details | IPv4 | 5 | 45.138.74.238 |
|
Details | IPv4 | 5 | 176.124.206.88 |
|
Details | Mandiant Uncategorized Groups | 40 | UNC2596 |
|
Details | Microsoft Threat Actor Naming Taxonomy (Groups in development) | 96 | Storm-0978 |