Advanced IP Scanner: the preferred scanner in the A(P)T toolbox
Hunt & Hackett has been working on a wide variety of targeted ransomware cases. During these cases, ‘Advanced IP Scanner’ (AIS) was regularly used as a reconnaissance tool for Active Scanning (T1595) and Network Service Scanning (T1046). This white paper focuses on some of the forensic traces left by AIS that Hunt & Hackett has observed during Incident Response cases.
What you get from this white paper:
- Gain insights into the features of Advanced IP Scanner (AIS) as a freely available tool used by threat actors.
- Understand the forensic traces left by AIS on a host system, focusing on Windows registry keys.
- Explore the challenges and limitations of detecting Advanced IP Scanner processes.
- Investigate behavioral detection methods, including the use of Chronicle and Canary tokens, to identify internal port scanning activities and enhance the organization's cyber defense capabilities.