RomCom IoC Analysis and Expansion | WhoisXML API

Nothing Funny or Romantic about These RomCom IoCs and Artifacts

Fake tools abound online, and one of those spreading them is RomCom. It has already been seen spoofing KeePass, Veeam, SolarWinds, Advanced IP Scanner, PDF Reader Pro, and other popular software.[1]

WhoisXML API researchers analyzed the RomCom IoCs and used the insights to uncover potential artifacts. Our study revealed the following:

  • Almost all of the IoCs had active IP resolutions geolocated in the U.S.
  • 1,200+ cybersquatting properties bore the names of spoofed software.
  • 1,400+ artifacts were connected to the RomCom IoCs through WHOIS details and DNS resolutions.
  • About 3% of the artifacts were flagged as malicious, and several unreported ones hosted questionable content.

Get access to our findings and uncover more on your own. Download the report now.

  • [1] https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass