RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) - SOCRadar® Cyber Intelligence Inc.
Common Information
Type Value
UUID 5c4031b7-ff49-41e6-8559-42900b9290ba
Fingerprint b7a019104b07efe8
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 27, 2024, 4:43 p.m.
Added to db Nov. 27, 2024, 3:40 p.m.
Last updated Dec. 4, 2024, 11:52 a.m.
Headline RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)
Title RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039) - SOCRadar® Cyber Intelligence Inc.
Detected Hints/Tags/Attributes 58/3/34
RSS Feed
Id | Enabled | Feed title | Url | Added to db
238 | | SOCRadar® Cyber Intelligence Inc. | https://socradar.io/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Value
CVE | 87 | | cve-2024-9680
CVE | 77 | | cve-2024-49039
Domain | 5 | | redircorrectiv.com
Domain | 5 | | devolredir.com
Domain | 6 | | journalctd.live
Domain | 6 | | correctiv.sbs
Domain | 6 | | cwise.store
Domain | 5 | | redirconnectwise.cloud
Domain | 6 | | redjournal.cloud
Domain | 5 | | 1drv.us.com
Domain | 6 | | economistjournal.cloud
File | 14 | | utils.js
File | 4 | | main-tor.js
File | 3 | | main-128.js
File | 3 | | main-129.js
File | 4 | | poclowil.dll
sha1 | 4 | | a4aad0e2ac1ee0c8dd25968fa4631805689757b6
sha1 | 4 | | ca6f8966a3b2640f49b19434ba8c21832e77a031
sha1 | 4 | | 21918cfd17b378eb4152910f1246d2446f9b5b11
sha1 | 4 | | 703a25f053e356eb6ece4d16a048344c55dc89fd
sha1 | 5 | | abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6
sha1 | 4 | | a9d445b77f6f4e90c29e385264d4b1b95947add5
IPv4 | 5 | | 194.87.189.171
IPv4 | 5 | | 178.236.246.241
IPv4 | 5 | | 62.60.238.81
IPv4 | 5 | | 147.45.78.102
IPv4 | 5 | | 46.226.163.67
IPv4 | 5 | | 62.60.237.116
IPv4 | 5 | | 62.60.237.38
IPv4 | 5 | | 194.87.189.19
IPv4 | 5 | | 45.138.74.238
IPv4 | 5 | | 176.124.206.88
Mandiant Uncategorized Groups | 40 | | UNC2596
Microsoft Threat Actor Naming Taxonomy (Groups in development) | 96 | | Storm-0978