Advanced IP Scanner
6/19/2023

The threat actor behind the remote access trojan ‘RomCom RAT’ is now targeting Ukrainian military institutions. The threat actors are known to spoof legitimate apps like ‘Advanced IP Scanner’ and ‘PDF Filler’ to drop backdoors on compromised systems. Reports say the “Advanced IP Scanner” campaign occurred on July 23, 2022. When the victim installs a Trojanized bundle, it drops RomCom RAT onto the system.

RomCom RAT Distributed as Spoofed Versions

Later, on October 10, 2022, the evasion techniques were enhanced by obfuscating all strings and executing as a COM object. Previously, RomCom RAT was distributed via fake websites spoofing the legitimate “Advanced IP Scanner” application website. The Trojanized “Advanced IP Scanner” package was hosted on the “advanced-ip-scaner[.]com” and “advanced-ip-scanners[.]com” domains. Notably, these domains resolved to the same IP address, 167[.]71[.]175[.]165. The threat actor spoofed the “pdfFiller” website, dropping a Trojanized version with RomCom RAT as the final payload.
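The lookalike-domain pattern described above can be hunted for in resolver logs. The following is an added example, not code from the original post: it flags queried domains whose name is within a small edit distance of a protected product name and groups them by the address they resolved to. The protected labels, the log format and the documentation-range IP addresses are assumptions; the two flagged domains are the ones named in the article.

```python
from collections import defaultdict

# Assumption: product labels the defender wants to watch (not listed in the article).
PROTECTED = ("advanced-ip-scanner", "pdffiller")

# Constructed resolver log: "<time> <client> <qname> <answer>" (IPs are RFC 5737 ranges).
SAMPLE_LOG = """\
2022-07-23T09:14:02Z 10.0.0.21 advanced-ip-scaner.com 203.0.113.10
2022-07-23T09:15:40Z 10.0.0.37 advanced-ip-scanners.com 203.0.113.10
2022-07-23T09:16:05Z 10.0.0.21 www.advanced-ip-scanner.com 198.51.100.7
2022-07-23T09:17:11Z 10.0.0.50 example.org 192.0.2.44
"""

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_dist=2):
    """Return the protected label a domain imitates, or None.
    Simplification: the label left of the TLD is compared (no public suffix list)."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    for brand in PROTECTED:
        # Distance 0 is an exact match of the label and is not reported.
        if 0 < edit_distance(labels[-2], brand) <= max_dist:
            return brand
    return None

def find_clusters(log_text):
    """Map answer IP -> sorted lookalike domains that resolved to it."""
    clusters = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        qname, answer = parts[2], parts[3]
        if lookalike_of(qname):
            clusters[answer].add(qname.lower().rstrip("."))
    return {ip: sorted(names) for ip, names in clusters.items()}

if __name__ == "__main__":
    for ip, names in find_clusters(SAMPLE_LOG).items():
        print(ip, "shared by" if len(names) > 1 else "single lookalike:", names)
```

Several lookalikes resolving to one address, as in the article, is a stronger signal than a single near-match and is worth prioritising for review.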