It offers automatic corrections for optical aberrations and image distortions for popular camera-lens combinations, as well as a range of other tools.

The RomCom threat actor has been carefully following geopolitical events surrounding the war in Ukraine, targeting militaries, food supply chains, and IT companies. In RomCom’s latest campaign, the BlackBerry Threat Research and Intelligence team observed RomCom targeting politicians in Ukraine who are working closely with Western countries, and a U.S.-based healthcare company providing humanitarian aid to the refugees fleeing from Ukraine and receiving medical assistance in the U.S.

Politicians from Ukraine
U.S.-based Healthcare organizations
Trojanized applications, x64 dll payloads
Cloned websites, C2 servers using self-signed SSL certificates

This report is the first part of our research covering the details of RomCom’s latest malicious campaign, while the second part will cover RomCom's behaviors, including detection engineering.

In mid-March 2023, we noticed an uptick in telemetry related to our tracking of the operator behind the RomCom remote access trojan (RAT). This uptick encompassed the creation of several new domains and associated artifacts, one of which, “startleaguenet”, was linked to a file correlating to the SHA256 – c94e889a6c9f4c37f34f75bf54e6d1b2cd7ee654cd397df348d46abe0b0f6ca3, and titled RemoteDesktopManager.2022.3.35.0.exe.

As its name suggests, Devolutions Remote Desktop Manager (RDM) is a legitimate utility designed to help facilitate secure remote connectivity. It is compatible with many commonly used remote connection utilities and technologies such as Citrix, FTP, Apple Remote Desktop, TeamViewer, LogMeIn, Microsoft Remote Desktop (RDP), SSH Shell, and many more. “Remote Desktop Manager is an application that integrates a comprehensive set of tools and managers to meet the needs of any IT team.