threatintel
actor tracker
IOC pivot
ioc · domain

combinedresidency[.]org

RU · RussiaRomComconfidence · high

Tropical Scorpius staging domain documented by Unit 42 in their August 2022 Cuba ransomware / ROMCOM report. Listed alongside optasko[.]com as actor-controlled infrastructure.

family
RomCom RAT
first seen
Jul 31, 2022
publisher
Palo Alto Networks Unit 42
source citation