Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor
June 6, 2024, 12:36 p.m.
Tags
External References
Description
Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a CobaltStrike beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.
Date
Published: June 6, 2024, 12:27 p.m.
Created: June 6, 2024, 12:27 p.m.
Modified: June 6, 2024, 12:36 p.m.
Indicators
fef06c28ae5a65672c31076b062e33cfaeb2b90309444f6567877f22997bc711
9a0c600669772bc530fe07c2dbb23dbb4808c640d016ffb832460ed25d2bb49e
248f3df68651214cfc1645792f685f8ac15db8f86978cfd3b181d618ccf03bc4
www.advancced-ip-scaner.com
nanopeb.com
coldfusioncnc.com
advanced-ip.org
advnaced-ip-skanner.top
advanced-ip-scanner.link
advancced-ip-scanner.com
adlvanced-ip-scanner.com
Attack Patterns
CobaltStrike
T1195.002
T1185
T1574
T1105
T1083
T1055
T1036
T1053
T1195
T1190
T1059