Today > vulnerabilities   -   You can now download lists of IOCs here!

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Oct. 2, 2024, 10:52 a.m.

Description

Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. It offers features like Dork-based checker, generator, and SQL vulnerability scanner. The research team analyzed the tool's traffic patterns and conducted tests against a vulnerable web application. The main users of this tool were found to be from the U.S., Romania, U.K., and U.A.E. The article emphasizes the importance of machine learning models in detecting unknown attacks and differentiating between automated scans and actual attacks.

Date

Published: Oct. 2, 2024, 1:12 a.m.

Created: Oct. 2, 2024, 1:12 a.m.

Modified: Oct. 2, 2024, 10:52 a.m.

Indicators

e57c2d7f779a36cb5abc9316f4c21f391901f7e07ba2d27ff1c2dd1217dbd536

dcf18b02008762072a330fcf07be885f7c7fc8d4473cb3da41de565959a6da08

c8d4aba7e681ca4172c2ec297786e32cc5cf35265aec0912fd2fdd6143f0c6ad

abc1c1c17694fcad7f7882cc62fa87c9774b807526ed09c8087bf70b1a8c5c18

7b314d68cf60c8d6a13c339a8758e60010499907b84328f238df6fc518023805

58136c339506f4e701ddead6740f72d6cd9091f308bdc64c0c29dd716d9febdd

434d165748455d5e09020ab74c9d33d75a77741cae966e60977185956f663c58

32e875834f7b1990680e666266fffd4dd8782b0621e57d1b07a99bf5bf810ded

Attack Patterns

Swiss Army Suite

T1213

T1590

T1016

T1082

T1083

T1595

T1593

T1046

T1190

T1059

Additional Informations

United Arab Emirates

Romania

United Kingdom of Great Britain and Northern Ireland

United States of America