Romcom Remote Access Trojan

Malware updated 2 months ago (2024-09-24T15:00:57.783Z)
The RomCom Remote Access Trojan (RAT) is a malware family that has evolved steadily and remains an active threat. The current variant builds on the RomCom 3.0 code base and incorporates techniques first seen in RomCom 4.0; the result is tracked as RomCom 5.0. The malware reaches victims through malicious downloads, phishing emails, and compromised or look-alike websites, typically without the user noticing. Once it has a foothold, it can steal personal information, disrupt operations, or stage the deployment of ransomware. Over the past year, RomCom RAT activity has increased, particularly in operations attributed to the Cuba ransomware actors. Third-party reporting suggests a connection between these actors, the RomCom RAT operators, and the Industrial Spy ransomware actors; the overlap has broadened the shared Tactics, Techniques, and Procedures (TTPs) and made the resulting intrusions more sophisticated. In a notable incident on October 16, 2023, the group extended its reach from financially motivated attacks into cyber-espionage, targeting attendees of a gender equality conference with a pared-down version of the RomCom RAT. The threat actor most likely used spear-phishing to deliver a malicious document that embedded an RTF file and OLE objects; opening it started an infection chain that harvested system information and then delivered the RomCom RAT. The incident illustrates both the growing sophistication and the widening targeting scope of this threat.
Description last updated: 2024-09-24T14:16:03.921Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names or profiles worth reviewing alongside this entry.

Alias: RomCom (3 votes)
RomCom is a possible alias for Romcom Remote Access Trojan. The RomCom malware, a Remote Access Trojan (RAT), has been linked to Cuba ransomware actors and Industrial Spy ransomware actors, according to third-party and open-source reports. Since spring 2022, the Russian-speaking group UAT-5647, also known as RomCom, has targeted Ukrainian government entities.
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
RAT
Cuba