RomCom

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 20/12/2025 23:51 · Modified 27/05/2026 15:52 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 23:51
Modified: 27/05/2026 15:52
Updated at: 27/05/2026 15:52
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 5 reports, 82 attack patterns (mitre), 13 malware, 19 sectors, 17 countries, 100 indicators, 27 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (5)

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent …

1 CVE 7 MITREs 4 Malwares 8 Observables 1 APT
August Vulnerabilities of Note

20 CVEs 12 MITREs 3 Malwares 11 Observables 1 APT
Update WinRAR tools now: RomCom and others exploiting …

2 CVEs 3 Malwares 9 Observables 1 APT
Inside SnipBot: The Latest RomCom Malware Variant

21 MITREs 2 Malwares 38 Observables 1 APT
Ransomware Roundup - Underground

1 CVE 15 MITREs 1 Malware 4 Observables 1 APT

Attack patterns (MITRE) (82)

T1189 uses

Drive-by Compromise MITRE
T1588.006 uses

Vulnerabilities MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1057 uses

Process Discovery MITRE
T1068 uses

Exploitation for Privilege Escalation MITRE
T1562.001 uses

Disable or Modify Tools MITRE
T1584 uses

Compromise Infrastructure MITRE
T1574 uses

Hijack Execution Flow MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE
T1055 uses

Process Injection MITRE
TA0010 uses

MITRE
T1021.001 uses

Remote Desktop Protocol MITRE

← Previous

Page / 7

13–24 of 82

VIPERTUNNEL uses

Family
SnipBot uses

Family
Underground uses

Family
Mythic uses

Family
QakBot uses

Family
RomCom backdoor uses
Hancitor uses
RomCom uses

Family
FAKEUPDATE uses

Family
Mythic Agent uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mythic C2 agent uses

Family
RustyClaw uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

1–12 of 13

Legal targets
Pharmacy and drugs manufacturing targets
Insurance services targets
Consulting targets
Government targets
Energy targets
Technology targets
Healthcare targets
Finance targets
Information Technologies Consulting targets
Logistics targets
Manufacturing targets

← Previous

Page / 2

1–12 of 19

Korea, Democratic People's Republic of targets
Slovakia targets
United States of America targets
United Kingdom of Great Britain and Northern Ireland targets
Korea, Republic of targets
Australia targets
Netherlands targets
Canada targets
France targets
Germany targets
British Indian Ocean Territory targets
Singapore targets

← Previous

Page / 2

1–12 of 17

88d13669a994d2e04ec0a9940f07ab8aab8563eb845a9c13f2b0fec497df5b17 indicates
1308146f161ed60c86532dd2d2de8de8b0401e27023fc56f83903f137fccacfd indicates
gohazeldale.com indicates

stix 100/100 Revoked

· Valid until 06/01/2026 · Source: AlienVault
65778e3afc448f89680e8de9791500d21a22e2279759d8d93e2ece2bc8dae04d indicates

stix 100/100 Revoked

· Valid until 01/09/2024 · Source: AlienVault
8a3d71c668574ad6e7406d3227ba5adc5a230dd3057edddc4d0ec5f8134d76c3 indicates
bc1qhtwfcysclc7pck2y3vmjtpzkaezhcm6perc99x indicates
01242b35b6def71e42cc985e97d618e2fabd616b16d23f7081d575364d09ca74 indicates
c646199a9799b6158de419b1b7e36b46c7b7413d6c35bfffaeaa8700b2dcc427 indicates
mcprotect.cloud indicates
2eb3ef8a7a2c498e87f3820510752043b20cbe35b0cbd9af3f69e8b8fe482676 indicates
20f58bd5381509072e46ad79e859fb198335dcd49c2cb738bd76f1d37d24c0a7 indicates
f08cc922c5dab73f6a2534f8ceec8525604814ae7541688b7f65ac9924ace855 indicates

← Previous

Page / 9

13–24 of 100

Vulnerabilities (CVE) (27)

CVE-2025-8424 targets

8.7 High

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the …

Published: 20/12/2025
Modified: 27/05/2026

Received

CVE-2025-8875 KEV targets

9.4 Critical

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Attack vector: Local
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2022-24521 KEV targets

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Published: 13/04/2022
Modified: 27/05/2026

CVE-2007-0671 KEV targets

8.8 High

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …

Attack vector: Network
Complexity: Low
Published: 03/02/2007
Modified: 27/05/2026

CVE-2025-7775 KEV targets

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2023-36584 KEV targets

5.4 Medium

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …

Attack vector: Network
Published: 16/11/2023
Modified: 27/05/2026

CVE-2013-3893 KEV targets

8.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or …

Attack vector: Network
Complexity: Low
Published: 18/09/2013
Modified: 27/05/2026

CWE-399 CWE-416

CVE-2022-41049 KEV targets

5.4 Medium

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …

Attack vector: Network
Published: 14/11/2022
Modified: 27/05/2026

CVE-2025-43300 KEV targets

10.0 Critical

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS …

Attack vector: Network
Complexity: Low
Published: 21/08/2025
Modified: 27/05/2026

CWE-787 Received

CVE-2024-26009 targets

8.1 High

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS …

Attack vector: Network
Complexity: High
Published: 12/08/2025
Modified: 27/05/2026

CWE-288 Received

CVE-2025-25256 targets

9.8 Critical

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

Received

CVE-2020-1472 KEV targets

5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector: Local
Published: 03/11/2021
Modified: 27/05/2026

← Previous

Page / 3

13–24 of 27

Contact About Legal notice Privacy policy Terms of use

RomCom

Essential information

Description

Marking (TLP)

Related entities

Reports (5)

Attack patterns (MITRE) (82)

Malware (13)

Sectors (19)

Countries (17)

Indicators (100)

Vulnerabilities (CVE) (27)