![]() ![]() Tools : provide functionality to ping an IP, perform a Tracert, or connect with Telnet / SSH.IP scanning : scan the given range for systems that are alive, or dead.From a high-level perspective, AIS provides the user with the following functionality: ĪIS is a simple and user-friendly IP scanner, which provides the end user with a concise overview of the systems found in the network. After the installation / execution of AIS, the end user is presented with an overview as shown in Figure 1. ![]() Furthermore, this blogpost provides some pointers related to detecting Advanced IP Scanner.Īdvanced IP Scanner (AIS) is freely available online 1 and can be executed as an installer and as a portable version. The artefacts might be useful during an investigation, and can shine some (minor) light on threat actors’ activities. This small write-up focuses on some of the forensic traces left by AIS that Hunt & Hackett observed during Incident Response cases. Groups that have (had) used Advanced IP Scanner include: This has not only been observed by Hunt & Hackett, but also by other incident response parties. During these targeted ransomware cases, ‘Advanced IP Scanner’ (AIS) 1 was regularly used as reconnaissance tool for Active Scanning ( T1595) and Network Service Scanning ( T1046). Hunt & Hackett has been working on a wide variety of targeted ransomware cases. ![]()
0 Comments
Leave a Reply. |