10 Things I Hate About Attribution: RomCom vs. TransferLoader

216.73.217.22

10 Things I Hate About Attribution: RomCom vs. TransferLoader

· Published 01/07/2025 08:07 · Modified 01/07/2025 08:36

Essential information

Published: 01/07/2025 08:07
Modified: 01/07/2025 08:36
Tags: 2025-07-01 dustyhammock hellcat meltingclaw morpheus ransomware romcom rustyclaw shadyhammock singlecamper slipscreen transferloader
Related entities: 103 observables, 1 intrusion sets (apt), 19 techniques (mitre), 9 malware, 7 others

Description

This report analyzes the activities of two threat actor clusters: TA829 and UNK_GreenSec. TA829 conducts both espionage and cybercrime operations using tools like SingleCamper and DustyHammock. UNK_GreenSec deploys TransferLoader malware leading to ransomware infections. The actors share similarities in infrastructure, delivery tactics, and lure themes, raising questions about their relationship. Four hypotheses are presented regarding their potential connection, ranging from shared third-party services to being the same actor. The report highlights the increasing overlap between cybercrime and espionage activities, making attribution more challenging in the current threat landscape.

Related entities

ms.share-onedr.com
workspace-doc.live
temptransfer.live
supportcausems.com
site-staff.sale
share-pdf.live
share-doc.live
pdfshare.click
onlinedrive.click
opendnsapi.net
onestorelink.live
onelivedrv.com
onefile.social
onedrivems.works
onedrweb.live
onedrivems.cloud
onedrivecloud.net
onedrivecloud.live
onedrivecloud.expert
onedrivecloud.click
onedr.expert
ondv.live
ondrve.live
myonedrive365.live
mydrv1.live
my1drv.live
my1drv.online
msvhost.com
my-356drv.online
mspdf.live
mngersrv.com
livestorage.click
lauradream.com
healthfy.bio
gworkspace.social
gdrvdocs.online
gdrive-share.online
gdl-cloud.works
file-share.works
file-acess.live
dvcloud.live
drsync.click
drshare.online
drivestorage.online
drivepublic.live
drivehub.live
drivehost.live
drivedefend.com
dr365.live
diskstorage.click
documentapproved.click
deliverycitylife.com
datadrv1.com
d1rv.social
data-dv.live
consvcprivacy.com
cloudly.live
clouderive.com
cloud1dv.com
cloud-pdf.online
cdngateway.us
365work.chat
365msdrv.live
365drv.live
1dvstorage.com
1dv365.live
1drvms.space
1drw.live
1drvfiles.online
1drv365.online
1drvcloud.online
1drv365.live
1drv.zone
1drv.site
1drv.world
1drv.me
1drv-team.works
1drv.biz
1drivems.works
1drivecloud.click
1drivecloud.live
1drivems.expert
1drive.works
1drive.expert
1drive.social
1drive-work.online
1drive.bio
1dcloud.live
1day.live
fba9f2c351e898bfc61c8b1181020212ccb9e55041c4dd433ca2867dbf796469
f5f2761278163a1a813356666cb305fe37806f5f633b2a5475997f10d24fb3d4
e7917ff12114be5c79ca9bd0082eb628192c2ebfbee7aad2ae626ea208ee37cf
cd526475391c375e8e40f0146146672928db9bbf210acb41e0fd41381cd5eb9a
8f3b065e6aa6bc220867cdcb1c250c69b2d46422c51f66f25091f6cab5d043de
7fc65b23e0a85f548e4268b77b66a3c9f3d08b9c1817c99bc1336d51d36e1ec6
6d5226cba687d99ce14eda8de290edd470e79436625618559c8db1458a53666c
7e51eb44cfd945f4a155707f773fae3207ebfb59d45ea866ba69bd9bc28dfc32
54a94c7ec259104478b40fd0e6325d1f5364351e6ce1adfd79369d6438ed6ed9
3a234b49b834849689da477f77ca6363b40ee83e58213ee51b1ec248da90a543
33971df8f5c34c3c79f64e2e28e300260499285bd37f77295ba88897728ace4b
1c6a5476d485d311be1e07c2e0d2ae322214caa5d4f84398d4169d499105b01a
00385cae3630694eb70e2b82d5baa6130c503126c17db3fc63376c7d28c04145
07b9e353239c4c057115e8871adc3cfb42467998c6b737b28435ecc9405001c9