The threat actor behind the remote access trojan ‘RomCom RAT’ is now targeting Ukrainian military institutions. The threat actors are known to spoof legitimate apps like ‘Advanced IP Scanner’ and ‘PDF Filler’ to drop backdoors on compromised systems.

Reports say the “Advanced IP Scanner” campaign occurred on July 23, 2022. When the victim installs a Trojanized bundle, it drops RomCom RAT into the system. Later, on October 10, 2022, the evasion techniques were enhanced through obfuscation of all strings and execution as a COM object.

RomCom RAT Distributed as Spoofed Versions

Previously, RomCom RAT was distributed via fake websites spoofing the legitimate “Advanced IP Scanner” application website. The Trojanized “Advanced IP Scanner” package was hosted on the “advanced-ip-scaner[.]com” and “advanced-ip-scanners[.]com” domains. Particularly, these domains resolved to the same IP address, 167[.]71[.]175[.]165. The BlackBerry Research and Intelligence team has identified two versions of it, “Advanced_IP_Scanner_V.1.zip” and “advancedipscanner.msi.”

Figures: fake “Advanced IP Scanner” website; legitimate “Advanced IP Scanner” website.

The threat actor spoofed the “pdfFiller” website, dropping a Trojanized version with RomCom RAT as the final payload.