Araneida Scanner: Cracked Acunetix Web App & API Scanner Discovered

Dec. 20, 2024, 11:42 a.m.

Description

Silent Push Threat Analysts have uncovered the Araneida Scanner, a cracked version of Acunetix being used for illegal purposes. The scanner is employed for offensive reconnaissance, user data scraping, and vulnerability exploitation. It was detected during a partner's reconnaissance effort, prompting an investigation. The tool is being promoted on Telegram, where actors boast about taking over thousands of websites and selling stolen credentials. A separate Chinese-language panel, also likely using cracked Acunetix software, was discovered. Both tools pose significant threats for reconnaissance prior to sophisticated attacks. The investigation revealed multiple IP addresses hosting Araneida customer panels and the continued sale of the scanner through a specific domain.

External References

https://www.silentpush.com/blog/araneida-scanner-acunetix/
https://otx.alienvault.com/pulse/67652f9f14b0f077bafff996
Tags
credential theft
reconnaissance
telegram
2024-12-20
araneida scanner
web vulnerability
data scraping
cracked acunetix

Date

  • Created: Dec. 20, 2024, 8:49 a.m.
  • Published: Dec. 20, 2024, 8:49 a.m.
  • Modified: Dec. 20, 2024, 11:42 a.m.

Indicators

  • 205.234.181.204
  • 163.5.32.72
  • 163.5.32.204
  • 163.5.32.203
  • 163.5.32.202
  • 163.5.32.179
  • 163.5.169.45
  • 163.5.169.250
  • 157.254.237.94
  • 23.26.77.145
  • 163.5.210.49
  • fofa.su
  • araneida.co
Download all indicators here!

Attack Patterns

  • Araneida Scanner

Additional Informations

  • Technology
  • China
  • France
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America