Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor
Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a CobaltStrike beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.
Indicators of Compromise (15)