ioc[.]one - OSINT Cyber Threat Intelligence Database

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Tags

country:	Poland Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Archive Collected Data - T1560 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Protocol Tunneling - T1572 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Brute Force - T1110 Network Share Discovery - T1135 Powershell - T1086 Query Registry - T1012 System Network Configuration Discovery - T1016

Show in Graph

Common Information

Type	Value
UUID	cbf684ed-1b6b-4b90-82b9-04f85d111bd2
Fingerprint	acfc1939a5238689
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 17, 2024, 6 a.m.
Added to db	Oct. 17, 2024, 12:50 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Cisco Talos Blog
Title	UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Detected Hints/Tags/Attributes	91/3/81

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/uat-5647-romcom/
Details	Source	https://malware.news/t/uat-5647-targets-ukrainian-and-polish-entities-with-romcom-malware-variants/87554

URL Provider

Details	Provider	Source level domain
Details	malware.news	malware.news
Details	talosintelligence.com	blog.talosintelligence.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	68	✔	Cisco Talos Blog	https://blog.talosintelligence.com/rss/	2024-08-30 22:08
Details	158	✔	Malware Analysis, News and Indicators - Latest topics	https://malware.news/latest.rss	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	9	192.168.xxx.xxx
Details	Domain	1	recent.zip
Details	Domain	904	snort.org
Details	Domain	3	dnsresolver.online
Details	Domain	3	apisolving.com
Details	Domain	3	rdcservice.org
Details	Domain	5	webtimeapi.com
Details	Domain	3	wirelesszone.top
Details	Domain	3	devhubs.dev
Details	Domain	3	pos-st.top
Details	Domain	3	adcreative.pictures
Details	Domain	3	creativeadb.com
Details	Domain	3	copdaemi.top
Details	Domain	3	adbefnts.dev
Details	Domain	3	store-images.org
Details	File	1	virtualserverrpm.htm
Details	File	1	%public%\music\hkcu.txt
Details	File	1	%public%\pictures\hklm.txt
Details	File	4	d.zip
Details	File	1	c:\users\public\music\recent.zip
Details	File	6	keyprov.dll
Details	File	1260	explorer.exe
Details	File	2	libapi.dll
Details	sha256	3	12bf973b503296da400fd6f9e3a4c688f14d56ce82ffcfa9edddd7e4b6b93ba9
Details	sha256	3	260a6644ab63f392d090853ccd7c4d927aba3845ced473e13741152cdf274bbd
Details	sha256	3	9062d0f5f788bec4b487faf5f9b4bb450557e178ba114324ef7056a22b3fbe8b
Details	sha256	3	43a15c4ee10787997682b79a54ac49a90d26a126f5eeeb8569022850a2b96057
Details	sha256	3	aa09e9dca4994404a5f654be2a051c46f8799b0e987bcefef2b52412ac402105
Details	sha256	3	585ed48d4c0289ce66db669393889482ec29236dc3d04827604cf778c79fda36
Details	sha256	3	62f59766e62c7bd519621ba74f4d0ad122cca82179d022596b38bd76c7a430c4
Details	sha256	3	9fd5dee828c69e190e46763b818b1a14f147d1469dc577a99b759403a9dadf04
Details	sha256	3	b1fe8fbbb0b6de0f1dcd4146d674a71c511488a9eb4538689294bd782df040df
Details	sha256	3	7602e2c1ae27e1b36ee4aed357e505f14496f63db29fb4fcdd0d8a9db067a5c4
Details	sha256	3	f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93
Details	sha256	3	10e1d453d4f9ca05ff6af3dcd7766a17ca1470ee89ba90feee5d52f8d2b18a4c
Details	sha256	3	a265ae8fed205efb5bcc2fb59e60f743f45b7ad402cb827bc98dee397069830c
Details	sha256	3	8104fdf9ff6be096b7e5011e362400ee8dd89d829c608be21eb1de959404b4b9
Details	sha256	3	b55f70467f13fbad6dde354d8653d1d6180788569496a50b06f2ece1f57a5e91
Details	sha256	3	bd25618f382fc032016e8c9bc61f0bc24993a06baf925d987dcec4881108ea2a
Details	sha256	3	78eaaf3d831df27a5bc4377536e73606cd84a89ea2da725f5d381536d5d920d8
Details	sha256	3	88a4b39fb0466ef9af2dcd49139eaff18309b32231a762b57ff9f778cc3d2dd7
Details	sha256	3	01ebc558aa7028723bebd8301fd110d01cbd66d9a8b04685afd4f04f76e7b80c
Details	sha256	3	7c9775b0f44419207b02e531c357fe02f5856c17dbd88b3f32ec748047014df8
Details	sha256	3	54ce280ec0f086d89ee338029f12cef8e1297ee740af76dda245a08cb91bab4d
Details	sha256	3	bf5f2bdc3d2acbfb218192710c8d27133bf51c1da1a778244617d3ba9c20e6f7
Details	sha256	3	fdbc6648c6f922ffcd2b351791099e893e183680fc86f48bf18815d8ae98a4f7
Details	sha256	3	ac9e3bf1cc87bc86318b258498572793d9fb082417e3f2ff17050cf6ec1d0bb5
Details	sha256	3	0a02901d364dc9d70b8fcdc8a2ec120b14f3c393186f99e2e4c5317db1edc889
Details	sha256	3	951b89f25f7d8be0619b1dfdcc63939b0792b63fa34ebfa9010f0055d009a2d3
Details	sha256	3	2e338a447b4ceaa00b99d742194d174243ca82830a03149028f9713d71fe9aab
Details	sha256	3	45adf6f32f9b3c398ee27f02427a55bb3df74687e378edcb7e23caf6a6f7bf2a
Details	sha256	6	b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045
Details	sha256	3	ce8b46370fd72d7684ad6ade16f868ac19f03b85e35317025511d6eeee288c64
Details	sha256	4	9f635fa106dbe7181b4162266379703b3fdf53408e5b8faa6aeee08f1965d3a2
Details	sha256	3	1fa96e7f3c26743295a6af7917837c98c1d6ac0da30a804fed820daace6f90b0
Details	sha256	3	dee849e0170184d3773077a9e7ce63d2b767bb19e85441d9c55ee44d6f129df9
Details	sha256	3	2474a6c6b3df3f1ac4eadcb8b2c70db289c066ec4b284ac632354e9dbe488e4d
Details	IPv4	3	193.42.36.131
Details	IPv4	1441	127.0.0.1
Details	IPv4	3	213.139.205.23
Details	IPv4	3	23.94.207.116
Details	IPv4	5	91.92.242.87
Details	IPv4	3	192.227.190.127
Details	IPv4	3	91.92.254.218
Details	IPv4	3	91.92.248.75
Details	IPv4	3	94.156.68.216
Details	IPv4	3	23.137.253.43
Details	IPv4	3	193.42.36.132
Details	MITRE ATT&CK Techniques	95	T1572
Details	MITRE ATT&CK Techniques	245	T1016
Details	MITRE ATT&CK Techniques	176	T1135
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	157	T1560
Details	Url	2	http://193.42.36.131:8088/help/lanarpbindinglisthelprpm.htm
Details	Url	3	http://apisolving.com:443/dkgittdjfip
Details	Url	3	http://wirelesszone.top:433/ofjddebdjas
Details	Url	3	http://adcreative.pictures:443/kjly1ul8imo
Details	Url	3	http://creativeadb.com:443/n9jtcp62ovc
Details	Windows Registry Key	5	HKCU\SOFTWARE\Classes\CLSID
Details	Windows Registry Key	1	HKEY_USERS\S-1-..-CLASSES\CLSID
Details	Windows Registry Key	1	HKEY_CURRENT_USER\Software\AppDataSoft\Software