RomCom

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 20/12/2025 23:51 · Modified 27/05/2026 15:52 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 23:51
Modified: 27/05/2026 15:52
Updated at: 27/05/2026 15:52
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 5 reports, 82 attack patterns (mitre), 13 malware, 19 sectors, 17 countries, 100 indicators, 27 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (5)

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent …

1 CVE 7 MITREs 4 Malwares 8 Observables 1 APT
August Vulnerabilities of Note

20 CVEs 12 MITREs 3 Malwares 11 Observables 1 APT
Update WinRAR tools now: RomCom and others exploiting …

2 CVEs 3 Malwares 9 Observables 1 APT
Inside SnipBot: The Latest RomCom Malware Variant

21 MITREs 2 Malwares 38 Observables 1 APT
Ransomware Roundup - Underground

1 CVE 15 MITREs 1 Malware 4 Observables 1 APT

Attack patterns (MITRE) (82)

T1189 uses

Drive-by Compromise MITRE
T1588.006 uses

Vulnerabilities MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1057 uses

Process Discovery MITRE
T1068 uses

Exploitation for Privilege Escalation MITRE
T1562.001 uses

Disable or Modify Tools MITRE
T1584 uses

Compromise Infrastructure MITRE
T1574 uses

Hijack Execution Flow MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE
T1055 uses

Process Injection MITRE
TA0010 uses

MITRE
T1021.001 uses

Remote Desktop Protocol MITRE

← Previous

Page / 7

13–24 of 82

VIPERTUNNEL uses

Family
SnipBot uses

Family
Underground uses

Family
Mythic uses

Family
QakBot uses

Family
RomCom backdoor uses
Hancitor uses
RomCom uses

Family
FAKEUPDATE uses

Family
Mythic Agent uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mythic C2 agent uses

Family
RustyClaw uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

1–12 of 13

Legal targets
Pharmacy and drugs manufacturing targets
Insurance services targets
Consulting targets
Government targets
Energy targets
Technology targets
Healthcare targets
Finance targets
Information Technologies Consulting targets
Logistics targets
Manufacturing targets

← Previous

Page / 2

1–12 of 19

Korea, Democratic People's Republic of targets
Slovakia targets
United States of America targets
United Kingdom of Great Britain and Northern Ireland targets
Korea, Republic of targets
Australia targets
Netherlands targets
Canada targets
France targets
Germany targets
British Indian Ocean Territory targets
Singapore targets

← Previous

Page / 2

1–12 of 17

5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8 indicates
bff4dd37febd5465e0091d9ea68006be475c0191bd8c7a79a44fbf4b99544ef1 indicates
9543f71d7c4e394223c9d41ccef71541e1f1eb0cc76e8fa0f632b8365069af64 indicates
bc1qyd05q2m5qt3nwpd3gcqkyer0gspqx5p6evcf7h indicates
8d805014ceb45195be5bab07a323970a1aa8bc60cdc529712bccaf6f3103e6a6 indicates

stix 100/100 Revoked

· Valid until 01/09/2024 · Source: AlienVault
9d41b2f7c07110fb855c62b5e7e330a597860916599e73dd3505694fd1bbe163 indicates
2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4 indicates
b160bd46b6efc6d79bfb76cf3eeacca2300050248969decba139e9e1cbeebf53 indicates
1b943afac4f476d523310b8e3afe7bca761b8cbaa9ea2b9f01237ca4652fc834 indicates
sitepanel.top indicates
857f28b8fe31cf5db6d45d909547b151a66532951f26cda5f3320d2d4461b583 indicates
4306c5d152cdd86f3506f91633ef3ae7d8cf0dd25f3e37bec43423c4742f4c42 indicates

← Previous

Page / 9

1–12 of 100

Vulnerabilities (CVE) (27)

CVE-2025-8424 targets

8.7 High

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the …

Published: 20/12/2025
Modified: 27/05/2026

Received

CVE-2025-8875 KEV targets

9.4 Critical

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Attack vector: Local
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2022-24521 KEV targets

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Published: 13/04/2022
Modified: 27/05/2026

CVE-2007-0671 KEV targets

8.8 High

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …

Attack vector: Network
Complexity: Low
Published: 03/02/2007
Modified: 27/05/2026

CVE-2025-7775 KEV targets

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2023-36584 KEV targets

5.4 Medium

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …

Attack vector: Network
Published: 16/11/2023
Modified: 27/05/2026

CVE-2013-3893 KEV targets

8.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or …

Attack vector: Network
Complexity: Low
Published: 18/09/2013
Modified: 27/05/2026

CWE-399 CWE-416

CVE-2022-41049 KEV targets

5.4 Medium

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …

Attack vector: Network
Published: 14/11/2022
Modified: 27/05/2026

CVE-2025-43300 KEV targets

10.0 Critical

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS …

Attack vector: Network
Complexity: Low
Published: 21/08/2025
Modified: 27/05/2026

CWE-787 Received

CVE-2024-26009 targets

8.1 High

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS …

Attack vector: Network
Complexity: High
Published: 12/08/2025
Modified: 27/05/2026

CWE-288 Received

CVE-2025-25256 targets

9.8 Critical

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

Received

CVE-2020-1472 KEV targets

5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector: Local
Published: 03/11/2021
Modified: 27/05/2026

← Previous

Page / 3

13–24 of 27

Contact About Legal notice Privacy policy Terms of use

RomCom

Essential information

Description

Marking (TLP)

Related entities

Reports (5)

Attack patterns (MITRE) (82)

Malware (13)

Sectors (19)

Countries (17)

Indicators (100)

Vulnerabilities (CVE) (27)