Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor

June 6, 2024, 12:36 p.m.

Description

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a CobaltStrike beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.

Date

Published: June 6, 2024, 12:27 p.m.

Created: June 6, 2024, 12:27 p.m.

Modified: June 6, 2024, 12:36 p.m.

Indicators

fef06c28ae5a65672c31076b062e33cfaeb2b90309444f6567877f22997bc711

9a0c600669772bc530fe07c2dbb23dbb4808c640d016ffb832460ed25d2bb49e

248f3df68651214cfc1645792f685f8ac15db8f86978cfd3b181d618ccf03bc4

www.advancced-ip-scaner.com

nanopeb.com

coldfusioncnc.com

advanced-ip.org

advnaced-ip-skanner.top

advanced-ip-scanner.link

advancced-ip-scanner.com

adlvanced-ip-scanner.com

Attack Patterns

CobaltStrike

T1195.002

T1185

T1574

T1105

T1083

T1055

T1036

T1053

T1195

T1190

T1059