Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Oct. 2, 2024, 10:52 a.m.

Description

Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. It offers features like Dork-based checker, generator, and SQL vulnerability scanner. The research team analyzed the tool's traffic patterns and conducted tests against a vulnerable web application. The main users of this tool were found to be from the U.S., Romania, U.K., and U.A.E. The article emphasizes the importance of machine learning models in detecting unknown attacks and differentiating between automated scans and actual attacks.

External References

https://otx.alienvault.com/pulse/66fc9e1ba2e3a9016d0bbec7
https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Tags
sql injection
2024-10-01
2024-10-02
machine learning
vulnerability scanning
telemetry analysis
swiss army suite
underground tools
dork-based checker
s.a.s
web application security

Date

  • Created: Oct. 2, 2024, 1:12 a.m.
  • Published: Oct. 2, 2024, 1:12 a.m.
  • Modified: Oct. 2, 2024, 10:52 a.m.

Indicators

  • e57c2d7f779a36cb5abc9316f4c21f391901f7e07ba2d27ff1c2dd1217dbd536
  • dcf18b02008762072a330fcf07be885f7c7fc8d4473cb3da41de565959a6da08
  • c8d4aba7e681ca4172c2ec297786e32cc5cf35265aec0912fd2fdd6143f0c6ad
  • abc1c1c17694fcad7f7882cc62fa87c9774b807526ed09c8087bf70b1a8c5c18
  • 7b314d68cf60c8d6a13c339a8758e60010499907b84328f238df6fc518023805
  • 58136c339506f4e701ddead6740f72d6cd9091f308bdc64c0c29dd716d9febdd
  • 434d165748455d5e09020ab74c9d33d75a77741cae966e60977185956f663c58
  • 32e875834f7b1990680e666266fffd4dd8782b0621e57d1b07a99bf5bf810ded
Download all indicators here!

Attack Patterns

  • Swiss Army Suite

Additional Informations

  • United Arab Emirates
  • Romania
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America