RomCom
· Published 20/12/2025 23:51 · Modified 27/05/2026 15:52
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 20/12/2025 23:51
- Modified
- 27/05/2026 15:52
- Updated at
- 27/05/2026 15:52
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 5 reports, 82 attack patterns (mitre), 13 malware, 19 sectors, 17 countries, 100 indicators, 27 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
-
1 CVE 7 MITREs 4 Malwares 8 Observables 1 APT
-
20 CVEs 12 MITREs 3 Malwares 11 Observables 1 APT
-
2 CVEs 3 Malwares 9 Observables 1 APT
-
21 MITREs 2 Malwares 38 Observables 1 APT
-
1 CVE 15 MITREs 1 Malware 4 Observables 1 APT
Attack patterns (MITRE) (82)
-
T1189 usesDrive-by Compromise MITRE
-
T1588.006 usesVulnerabilities MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1057 usesProcess Discovery MITRE
-
T1068 usesExploitation for Privilege Escalation MITRE
-
T1562.001 usesDisable or Modify Tools MITRE
-
T1584 usesCompromise Infrastructure MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1547.001 usesRegistry Run Keys / Startup Folder MITRE
-
T1055 usesProcess Injection MITRE
-
TA0010 uses
-
T1021.001 usesRemote Desktop Protocol MITRE
Malware (13)
-
VIPERTUNNEL usesFamily
-
SnipBot usesFamily
-
Underground usesFamily
-
Mythic usesFamily
-
QakBot usesFamily
-
RomCom backdoor uses
-
Hancitor uses
-
RomCom usesFamily
-
FAKEUPDATE usesFamily
-
Mythic Agent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mythic C2 agent usesFamily
-
RustyClaw usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (19)
-
Legal targets
-
Pharmacy and drugs manufacturing targets
-
Insurance services targets
-
Consulting targets
-
Government targets
-
Energy targets
-
Technology targets
-
Healthcare targets
-
Finance targets
-
Information Technologies Consulting targets
-
Logistics targets
-
Manufacturing targets
Countries (17)
-
Korea, Democratic People's Republic of targets
-
Slovakia targets
-
United States of America targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Korea, Republic of targets
-
Australia targets
-
Netherlands targets
-
Canada targets
-
France targets
-
Germany targets
-
British Indian Ocean Territory targets
-
Singapore targets
Indicators (100)
-
5c71601717bed14da74980ad554ad35d751691b2510653223c699e1f006195b8indicates -
bff4dd37febd5465e0091d9ea68006be475c0191bd8c7a79a44fbf4b99544ef1indicates -
9543f71d7c4e394223c9d41ccef71541e1f1eb0cc76e8fa0f632b8365069af64indicates -
bc1qyd05q2m5qt3nwpd3gcqkyer0gspqx5p6evcf7hindicates -
stix 100/100 Revoked· Valid until 01/09/2024 · Source: AlienVault
-
9d41b2f7c07110fb855c62b5e7e330a597860916599e73dd3505694fd1bbe163indicates -
2c327087b063e89c376fd84d48af7b855e686936765876da2433485d496cb3a4indicates -
b160bd46b6efc6d79bfb76cf3eeacca2300050248969decba139e9e1cbeebf53indicates -
1b943afac4f476d523310b8e3afe7bca761b8cbaa9ea2b9f01237ca4652fc834indicates -
sitepanel.topindicates -
857f28b8fe31cf5db6d45d909547b151a66532951f26cda5f3320d2d4461b583indicates -
4306c5d152cdd86f3506f91633ef3ae7d8cf0dd25f3e37bec43423c4742f4c42indicates
Vulnerabilities (CVE) (27)
CVE-2025-7776
targets
8.8
High
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is …
- Attack vector
- Network
- Published
- 26/08/2025
- Modified
- 27/05/2026
D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service …
- Published
- 05/08/2025
- Modified
- 27/05/2026
8.0
High
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must …
- Attack vector
- Adjacent
- Published
- 25/08/2025
- Modified
- 27/05/2026