Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Oct. 2, 2024, 10:52 a.m.
Tags
External References
Description
Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) that is used to run vulnerability scans against web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. It offers features such as a Dork-based checker, a generator, and a SQL vulnerability scanner. The research team analyzed the tool's traffic patterns and conducted tests against a vulnerable web application. The main users of this tool were found to be from the U.S., Romania, U.K., and U.A.E. The article emphasizes the importance of machine learning models in detecting unknown attacks and differentiating between automated scans and actual attacks.
Date
Published: Oct. 2, 2024, 1:12 a.m.
Created: Oct. 2, 2024, 1:12 a.m.
Modified: Oct. 2, 2024, 10:52 a.m.
Indicators
Patterns
Swiss Army Suite
T1213
T1590
T1016
T1082
T1083
T1595
T1593
T1046
T1190
T1059
Additional Information
United Arab Emirates
Romania
United Kingdom of Great Britain and Northern Ireland
United States of America