RomCom Analysis

IOB - Indicator of Behavior (219)


Lang

en: 192
de: 14
zh: 10
es: 4



Activities


Product

Linux Kernel: 12
SourceCodester Apartment Visitor Management System: 6
SourceCodester House Rental Management System: 4
RRJ Nueva Ecija Engineer Online Portal: 4
Campcodes Complete Web-Based School Management Sys ...: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Simple and Nice Shopping Cart Script profile.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00588 | 0.15 | CVE-2022-2957 |
| 2 | SourceCodester Simple and Nice Shopping Cart Script login.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00293 | 0.04 | CVE-2022-2814 |
| 3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.30 | CVE-2007-1167 |
| 4 | SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.07 | CVE-2022-2909 |
| 5 | SourceCodester Best Courier Management System view_parcel.php sql injection | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00282 | 0.07 | CVE-2023-5270 |
| 6 | OpenCart path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.02 | CVE-2024-21518 |
| 7 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.02 | CVE-2007-0354 |
| 8 | SourceCodester Apartment Visitor Management System manage-apartment.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00080 | 0.07 | CVE-2022-2684 |
| 9 | SourceCodester Apartment Visitor Management System profile.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.04 | CVE-2022-2773 |
| 10 | SourceCodester Apartment Visitor Management System action-visitor.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00142 | 0.04 | CVE-2022-2772 |
| 11 | SourceCodester Apartment Visitor Management System index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.06 | CVE-2022-2677 |
| 12 | CodeAstro Simple House Rental System Login Panel cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00060 | 0.00 | CVE-2024-0343 |
| 13 | Green Electronics RainMachine Mini-8/Touch HD 12 Web Application REST API Persistent cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2018-6906 |
| 14 | Booked Scheduler reservation_save.php access control | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.00 | CVE-2023-24058 |
| 15 | Communigate Pro Pronto! Mail Composer INBOX-MM-1 Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00079 | 0.08 | CVE-2018-18621 |
| 16 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.66 | |
| 17 | Genoo Plugin During Web Page cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-51605 |
| 18 | Mansur Ahamed Woocommerce Quote Calculator Plugin sql injection | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2024-51626 |
| 19 | Apple visionOS Video File memory corruption | 6.1 | 6.0 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2024-44233 |
| 20 | code-projects Restaurant Order System login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00165 | 0.06 | CVE-2024-10733 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.94.207.116 | 23-94-207-116-host.colocrossing.com | UAT-5647 | RomCom | 10/18/2024 | verified | Very High |
| 2 | 23.137.253.43 | | UAT-5647 | RomCom | 10/18/2024 | verified | Very High |
| 3 | 46.246.98.15 | 46-246-98-15.static.glesys.net | RomCom | Ukraine | 06/08/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (163)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
