New RomCom Variant Spotted: A Comparative and Expansion Analysis of IoCs | WhoisXML API


RomCom has evolved once again: its latest variant, Snipbot, is stealthier than its predecessors.

The new version has mostly been used in attacks that led to data theft, whereas the previous variants were used to deliver ransomware. The victim pool included organizations across various sectors, including legal and IT services.[1]

The WXA research team set out to compare the IoC lists of the three latest versions: RomCom 3.0,[2] RomCom 4.0,[3] and Snipbot.[4] We also expanded the list of IoCs to uncover more potentially connected artifacts. Using WHOIS, IP, and DNS intelligence, our analysis led to the discovery of:

  • 20 email-connected domains, some of which were found to be malicious
  • 27 additional IP addresses, all of which were found to be malicious
  • 122 IP-connected domains, some of which were found to be malicious
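As an added illustration of the comparison and the WHOIS/IP/DNS pivots described above, the following script is not the report's own code or data: it uses constructed seed domains, WHOIS registrant emails, and DNS resolutions in place of real lookups, and the function names are assumptions.

```python
"""Added example: compare IoC lists across variants, then expand seed
domains into email-connected domains, resolved IPs, and IP-connected
domains. All indicators below are constructed (RFC 5737 ranges), not
the report's values."""
from collections import defaultdict

# Constructed per-variant IoC lists (domains only, for brevity).
VARIANT_IOCS = {
    "RomCom 3.0": {"seed-one.example", "old-c2.example"},
    "RomCom 4.0": {"seed-one.example", "seed-two.example"},
    "Snipbot": {"seed-one.example", "seed-two.example", "new-c2.example"},
}

# Constructed WHOIS data: domain -> registrant email.
WHOIS = {
    "seed-one.example": "reg@mail.example",
    "seed-two.example": "other@mail.example",
    "pivot-a.example": "reg@mail.example",
    "pivot-b.example": "reg@mail.example",
    "unrelated.example": "nobody@mail.example",
}

# Constructed DNS resolutions: domain -> set of IP addresses.
DNS = {
    "seed-one.example": {"192.0.2.10"},
    "seed-two.example": {"192.0.2.20", "198.51.100.5"},
    "pivot-c.example": {"192.0.2.10"},
    "pivot-d.example": {"198.51.100.5"},
    "unrelated.example": {"203.0.113.9"},
}


def compare_variants(lists):
    """Indicators shared by every variant, plus those unique to each."""
    shared = set.intersection(*lists.values())
    unique = {v: s - set().union(*(o for k, o in lists.items() if k != v))
              for v, s in lists.items()}
    return shared, unique


def email_connected(seeds, whois):
    """Domains registered with the same email as any seed domain."""
    emails = {whois[d] for d in seeds if d in whois}
    return {d for d, e in whois.items() if e in emails} - set(seeds)


def ip_expansion(seeds, dns):
    """IPs the seeds resolve to, and other domains sharing those IPs."""
    ips = set().union(*(dns.get(d, set()) for d in seeds))
    reverse = defaultdict(set)  # IP -> domains resolving to it
    for d, addrs in dns.items():
        for a in addrs:
            reverse[a].add(d)
    connected = set().union(*(reverse[a] for a in ips)) - set(seeds)
    return ips, connected
```

The "connected" sets are candidates for further vetting, not verdicts; the report's bullets note that only some of the pivoted domains turned out to be malicious.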

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://www.bleepingcomputer.com/news/security/new-romcom-malware-variant-snipbot-spotted-in-data-theft-attacks/
  • [2] https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/void-rabisu%E2%80%99s-use-of-romcom-backdoor-shows-a-growing-shift-in-threat-actors%E2%80%99-goals-/ioc-list-void-rabisus-use-of-romcom-backdoor-shows-a-growing-shift-in-threat-actors-goals.txt
  • [3] https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/j/void-rabisu-targets-female-political-leaders/ioc-void-rabisu-targets-female-political-leaders-with-new-slimmed-down-ROMCOM-variant.txt
  • [4] https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/