RomCom
Essential information
- Confidence
- 100/100
- Published
- 20/12/2025 23:51
- Modified
- 27/05/2026 15:52
- Updated at
- 27/05/2026 15:52
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 5 reports, 82 attack patterns (mitre), 13 malware, 19 sectors, 17 countries, 100 indicators, 27 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
-
1 CVE 7 MITREs 4 Malwares 8 Observables 1 APT
-
20 CVEs 12 MITREs 3 Malwares 11 Observables 1 APT
-
2 CVEs 3 Malwares 9 Observables 1 APT
-
21 MITREs 2 Malwares 38 Observables 1 APT
-
1 CVE 15 MITREs 1 Malware 4 Observables 1 APT
Attack patterns (MITRE) (82)
-
T1078 usesValid Accounts MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1574.001 usesDLL MITRE
-
T1047 usesWindows Management Instrumentation MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1217 usesBrowser Information Discovery MITRE
-
T1546 usesEvent Triggered Execution MITRE
-
T1497 usesVirtualization/Sandbox Evasion MITRE
-
T1543.003 usesWindows Service MITRE
-
T1049 usesSystem Network Connections Discovery MITRE
-
T1112 usesModify Registry MITRE
-
T1113 usesScreen Capture MITRE
Malware (13)
-
VIPERTUNNEL usesFamily
-
SnipBot usesFamily
-
Underground usesFamily
-
Mythic usesFamily
-
QakBot usesFamily
-
RomCom backdoor uses
-
Hancitor uses
-
RomCom usesFamily
-
FAKEUPDATE usesFamily
-
Mythic Agent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mythic C2 agent usesFamily
-
RustyClaw usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (19)
-
Legal targets
-
Pharmacy and drugs manufacturing targets
-
Insurance services targets
-
Consulting targets
-
Government targets
-
Energy targets
-
Technology targets
-
Healthcare targets
-
Finance targets
-
Information Technologies Consulting targets
-
Logistics targets
-
Manufacturing targets
Countries (17)
-
Korea, Democratic People's Republic of targets
-
Slovakia targets
-
United States of America targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Korea, Republic of targets
-
Australia targets
-
Netherlands targets
-
Canada targets
-
France targets
-
Germany targets
-
British Indian Ocean Territory targets
-
Singapore targets
Indicators (100)
-
5b30a5b71ef795e07c91b7a43b3c1113894a82ddffc212a2fa71eebc078f5118indicates -
africa.thesmalladventureguide.comindicatesstix 100/100· Valid until 31/10/2026 · Source: AlienVault -
db3b1f224aec1a7c58946d819d729d0903751d1867113aae5cca87e38c653cf4indicates -
journalctd.liveindicates -
4fc768476ee92230db5dbc4d8cbca49a71f8433542e62e093c3ad160f699c98dindicates -
stix 100/100 Revoked
stack_string
· Valid until 23/11/2024 · Source: AlienVault -
48142dc7fe28a5d8a849fff11cb8206912e8382314a2f05e72abad0978b27e90related -
f74ebf0506dc3aebc9ba6ca1e7460d9d84543d7dadb5e9912b86b843e8a5b671related -
952b34f6370294c5a0bb122febfaa80612fef1f32eddd48a3d0556c4286b7474related -
0f385cc69a93abeaf84994e7887cb173e889d309a515b55b2205805bdfe468a3related
Vulnerabilities (CVE) (27)
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the …
- Published
- 20/12/2025
- Modified
- 27/05/2026
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
- Attack vector
- Local
- Published
- 13/08/2025
- Modified
- 27/05/2026
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 13/04/2022
- Modified
- 27/05/2026
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …
- Attack vector
- Network
- Complexity
- Low
- Published
- 03/02/2007
- Modified
- 27/05/2026
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …
- Attack vector
- Network
- Published
- 26/08/2025
- Modified
- 27/05/2026
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …
- Attack vector
- Network
- Published
- 16/11/2023
- Modified
- 27/05/2026
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or …
- Attack vector
- Network
- Complexity
- Low
- Published
- 18/09/2013
- Modified
- 27/05/2026
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …
- Attack vector
- Network
- Published
- 14/11/2022
- Modified
- 27/05/2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS …
- Attack vector
- Network
- Complexity
- Low
- Published
- 21/08/2025
- Modified
- 27/05/2026
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS …
- Attack vector
- Network
- Complexity
- High
- Published
- 12/08/2025
- Modified
- 27/05/2026
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026