Description
Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a CobaltStrike beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.
Date
| Published | Created | Modified |
|---|---|---|
| June 6, 2024, 12:27 p.m. | June 6, 2024, 12:27 p.m. | June 6, 2024, 12:36 p.m. |
Indicators
fef06c28ae5a65672c31076b062e33cfaeb2b90309444f6567877f22997bc711
9a0c600669772bc530fe07c2dbb23dbb4808c640d016ffb832460ed25d2bb49e
248f3df68651214cfc1645792f685f8ac15db8f86978cfd3b181d618ccf03bc4
www.advancced-ip-scaner.com
Attack Patterns
CobaltStrike
T1195.002
T1185
T1574
T1105
T1083
T1055
T1036
T1053
T1195
T1190
T1059