The threat actor behind the remote access trojan ‘RomCom RAT’ is now targeting Ukrainian military institutions. The threat actors are known to spoof legitimate apps like ‘Advanced IP Scanner’ and ‘PDF Filler’ to drop backdoors on compromised systems.

Reports say the “Advanced IP Scanner” campaign occurred on July 23, 2022. When the victim installs a Trojanized bundle, it drops RomCom RAT into the system.

RomCom RAT Distributed as Spoofed Versions

Later, on October 10, 2022, the evasion techniques were enhanced through obfuscation of all strings and execution as a COM object.

Previously, RomCom RAT was distributed via fake websites spoofing the legitimate “Advanced IP Scanner” application website. The Trojanized “Advanced IP Scanner” package was hosted on the “advanced-ip-scaner[.]com” and “advanced-ip-scanners[.]com” domains. Notably, these domains resolved to the same IP address, 167.71.175[.]165. The threat actor also spoofed the “pdfFiller” website, dropping a Trojanized version with RomCom RAT as the final payload.