Ukrainian authorities have arrested a 42-year-old resident of Lviv, Ukraine, who is believed to have been behind a number of the modifications to the DarkComet remote administration tool. DarkComet was originally developed by a legitimate French developer as a remote administration tool in 2008. By 2012, the original developer had abandoned the project after seeing hackers modify the tool and use it as a remote access trojan (RAT). Ukrainian authorities were able to track down their suspect after it was found that one of the malicious versions of DarkComet was attempting to communicate with the IP address 126.96.36.199, which was linked back to a residential location. After investigators examined a number of the electronics in the suspect’s home, a modified control panel for the RAT was found on one of the suspect’s computers, along with other files associated with DarkComet. A number of modifications have been made to DarkComet over the years, and it is currently unknown whether the suspect arrested in Lviv was the only author of those modifications.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased