", clicked on the network tab, and went back to the legitimate advanced-ip-scanner.com via the ad click. After some poking and prodding, I discovered the top result is the one we want to explore some more. So let’s click on this result and take a look at what we get. If we …"
T1105 Ingress Tool Transfer
57%
"an executable is that we can see “This program cannot be run in DOS mode.” near the top of the output. That’s a tell-tale sign of an .exe. We could download this a few different ways. We could click the “save output” button (the little floppy disk icon above the output)…"
T1189 Drive-by Compromise
41%
"need the file. So let’s grab it. Let me show you what happens if we go to the site. In my case, I get redirected to the legitimate Advanced IP Scanner website instead of the malicious one: Okay, well, what if I try to Google it? Maybe I can get the ad to show up? Nope, in this…"
T1566.002 Spearphishing Link
36%
"need the file. So let’s grab it. Let me show you what happens if we go to the site. In my case, I get redirected to the legitimate Advanced IP Scanner website instead of the malicious one: Okay, well, what if I try to Google it? Maybe I can get the ad to show up? Nope, in this…"
Summary
Threat actors have been using malicious versions of Advanced IP Scanner to compromise their targets via malvertising campaigns. Let’s analyze one.