IOC pivot
ioc · domain
advanced-ip-scaner[.]com
RU · Russia
RomCom
confidence · high
Typosquat of advanced-ip-scanner.com used by Storm-0978 (Microsoft's tracker for the RomCom operator) to deliver trojanized installers - documented in the Microsoft Security Blog write-up that disclosed CVE-2023-36884 exploitation.
- family: RomCom RAT
- first seen: Jul 10, 2023
- publisher: Microsoft Threat Intelligence