{
	"id": "a4d73199-e7d4-42e3-8618-b980fca25306",
	"created_at": "2026-04-06T00:18:44.405505Z",
	"updated_at": "2026-04-10T13:11:22.848907Z",
	"deleted_at": null,
	"sha1_hash": "f06b5281f360b56890dec334e5d38968ac0957a6",
	"title": "ROMCOM RAT (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27444,
	"plain_text": "ROMCOM RAT (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 15:35:06 UTC\r\nUnit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was\r\ndeployed.\r\n[TLP:WHITE] win_romcom_rat_auto (20251219 | Detects win.romcom_rat.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.romcom_rat\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.romcom_rat\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.romcom_rat"
	],
	"report_names": [
		"win.romcom_rat"
	],
	"threat_actors": [
		{
			"id": "fecc0d5a-3654-425d-9290-b6d0b4105463",
			"created_at": "2023-10-17T02:00:08.330061Z",
			"updated_at": "2026-04-10T02:00:03.37711Z",
			"deleted_at": null,
			"main_name": "Void Rabisu",
			"aliases": [
				"Tropical Scorpius"
			],
			"source_name": "MISPGALAXY:Void Rabisu",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "555e2cac-931d-4ad4-8eaa-64df6451059d",
			"created_at": "2023-01-06T13:46:39.48103Z",
			"updated_at": "2026-04-10T02:00:03.342729Z",
			"deleted_at": null,
			"main_name": "RomCom",
			"aliases": [
				"UAT-5647",
				"Storm-0978"
			],
			"source_name": "MISPGALAXY:RomCom",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d58052ba-978b-4775-985a-26ed8e64f98c",
			"created_at": "2023-09-07T02:02:48.069895Z",
			"updated_at": "2026-04-10T02:00:04.946879Z",
			"deleted_at": null,
			"main_name": "Tropical Scorpius",
			"aliases": [
				"DEV-0978",
				"RomCom",
				"Storm-0671",
				"Storm-0978",
				"TA829",
				"Tropical Scorpius",
				"UAC-0180",
				"UNC2596",
				"Void Rabisu"
			],
			"source_name": "ETDA:Tropical Scorpius",
			"tools": [
				"COLDDRAW",
				"Cuba",
				"Industrial Spy",
				"PEAPOD",
				"ROMCOM",
				"ROMCOM RAT",
				"SingleCamper",
				"SnipBot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4f56bb34-098d-43f6-a0e8-99616116c3ea",
			"created_at": "2024-06-19T02:03:08.048835Z",
			"updated_at": "2026-04-10T02:00:03.870819Z",
			"deleted_at": null,
			"main_name": "GOLD FLAMINGO",
			"aliases": [
				"REF9019 ",
				"Tropical Scorpius ",
				"UAC-0132 ",
				"UAC0132 ",
				"UNC2596 ",
				"Void Rabisu "
			],
			"source_name": "Secureworks:GOLD FLAMINGO",
			"tools": [
				"Chanitor",
				"Cobalt Strike",
				"Cuba",
				"Meterpreter",
				"Mimikatz",
				"ROMCOM RAT"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434724,
	"ts_updated_at": 1775826682,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f06b5281f360b56890dec334e5d38968ac0957a6.pdf",
		"text": "https://archive.orkl.eu/f06b5281f360b56890dec334e5d38968ac0957a6.txt",
		"img": "https://archive.orkl.eu/f06b5281f360b56890dec334e5d38968ac0957a6.jpg"
	}
}