RomCom Analysis

IOB - Indicator of Behavior (18)

Lang

en: 14
ru: 2
zh: 2


Country

us: 10
ru: 6
cn: 2


Activities

Product

KeePass: 2
ampleShop: 2
APSystems ECU-R: 2
Microsoft SQL Server: 2
rgb2hex: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Booked Scheduler reservation_save.php access control | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.00 | CVE-2023-24058 |
| 2 | Communigate Pro Pronto! Mail Composer Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00165 | 0.00 | CVE-2018-18621 |
| 3 | Bitcoin Core dumpwallet RPC Call .bitcoin path traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.00 | CVE-2021-3195 |
| 4 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00621 | 0.03 | CVE-2006-2038 |
| 5 | Microsoft SQL Server FILESTREAM Path information disclosure | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00353 | 0.00 | CVE-2016-7252 |
| 6 | Fortra GoAnywhere MFT License Response Servlet deserialization | 6.7 | 6.6 | $0-$5k | $0-$5k | High | Official Fix | 0.96969 | 0.05 | CVE-2023-0669 |
| 7 | Advanced Electron Forum Private Message Module Persistent cross site scripting | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00067 | 0.03 | CVE-2018-13000 |
| 8 | Fortinet FortiWeb HTTP Request stack-based overflow | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2023-23780 |
| 9 | APSystems ECU-R Administration Interface command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00198 | 0.00 | CVE-2022-45699 |
| 10 | rgb2hex redos | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.07 | CVE-2018-25061 |
| 11 | KeePass XML Configuration File missing encryption | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.04 | CVE-2023-24055 |
| 12 | Signal Desktop Attachment information disclosure | 3.4 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-24069 |
| 13 | Fortinet FortiTester os command injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00136 | 0.00 | CVE-2022-35845 |
| 14 | Apache Tomcat access control | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01225 | 0.04 | CVE-2011-3190 |
| 15 | IBM Lotus Notes information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00180 | 0.04 | CVE-2016-3674 |
| 16 | Microsoft Exchange Server information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00112 | 0.04 | CVE-2022-34692 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.246.98.15 | 46-246-98-15.static.glesys.net | RomCom | Ukraine | 06/08/2023 | verified | High |
| 2 | XX.XXX.XX.XXX | xxxxx.xx-xx-xxx-xx.xx | Xxxx Xxxxxx | Xxxxxx | 06/02/2023 | verified | High |
| 3 | XX.XXX.XXX.XXX | | Xxxx Xxxxxx | Xxxxxx | 06/02/2023 | verified | High |
| 4 | XXX.XXX.XX.XXX | | Xxxxxx | Xxxxxxx | 06/08/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 2 | File | category.cfm | predictive | Medium |
| 3 | File | xxxxxxxxxxx_xxxx.xxx | predictive | High |
| 4 | File | ~/.xxxxxxx | predictive | Medium |
| 5 | Argument | xxx | predictive | Low |
| 6 | Argument | xxxxxxxx | predictive | Medium |
| 7 | Argument | xxxxxx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
