{
  "name": "Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor",
  "slug": "fake-advanced-ip-scanner-installer-delivers-dangerous-backdoor",
  "description": "Security researchers discovered a malicious version of the Advanced IP Scanner installer that contained a backdoored DLL module. The trojanized installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a CobaltStrike Beacon (the payload of a commercial adversary-simulation framework that threat actors often abuse for remote access) into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.",
  "published": "2024-06-06T10:27:49+00:00",
  "created_at": "2024-06-06T10:27:49+00:00",
  "modified_at": "2024-06-06T10:36:42+00:00",
  "created_at_opencti": "2024-06-06T10:27:49+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-06",
    "backdoor",
    "cobaltstrike",
    "malicious-installer",
    "supply-chain",
    "typosquatting"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "www.advancced-ip-scaner.com"
      },
      {
        "id": "",
        "name": "nanopeb.com"
      },
      {
        "id": "",
        "name": "coldfusioncnc.com"
      },
      {
        "id": "",
        "name": "advanced-ip.org"
      },
      {
        "id": "",
        "name": "advnaced-ip-skanner.top"
      },
      {
        "id": "",
        "name": "advanced-ip-scanner.link"
      },
      {
        "id": "",
        "name": "advancced-ip-scanner.com"
      },
      {
        "id": "",
        "name": "adlvanced-ip-scanner.com"
      },
      {
        "id": "",
        "name": "fef06c28ae5a65672c31076b062e33cfaeb2b90309444f6567877f22997bc711"
      },
      {
        "id": "",
        "name": "9a0c600669772bc530fe07c2dbb23dbb4808c640d016ffb832460ed25d2bb49e"
      },
      {
        "id": "",
        "name": "248f3df68651214cfc1645792f685f8ac15db8f86978cfd3b181d618ccf03bc4"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:40339a286d3b7055",
        "name": "CobaltStrike",
        "slug": "cobaltstrike"
      }
    ],
    "attack_patterns": [
      {
        "id": "1d0d9e67-eb8a-439c-a2c7-cab311bb25c4",
        "name": "T1195.002"
      },
      {
        "id": "5c67e5d2-bc85-4ce0-822d-f2f5d3b0ae4e",
        "name": "T1185"
      },
      {
        "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40",
        "name": "T1574"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a",
        "name": "T1195"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-advanced-ip-scanner-installer-delivers-dangerous-cobaltstrike-backdoor/",
    "https://otx.alienvault.com/pulse/6661ab4514e403bb06e14941"
  ]
}