Pulse Detail — Threat Intelligence

PULSE NAME

DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa

WHITE AlienVault 2022-10-25 Modified: 2022-10-25

133

IOCs

HIGH VOLUME

Checkpoint researchers have discovered a malicious email campaign targeting financial institutions in West and North Africa. This campaign, which has been running for almost two years, often changes its tools and methods, demonstrating the actors’ knowledge of open-source tools and penetration testing software. Checkpoint researchers expect that this campaign, which shows no signs of stopping or slowing down, will continue to adjust its operations and methods with an eye to maximizing its financial gain.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566 T1059 T1047 T1027 T1055 T1204 T1056 T1036 T1187 T1021 T1053 T1127 T1530 T1102

MALWARE FAMILIES

PoshC2 metasploit DWservice AsyncRAT

Indicators of Compromise (2 / 133 total)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://4sync.com/web/directDownload/QHZsERS6/rHb0lMWD.f2e6a9154ab6cd29b337d6b555367580	—	2022-10-25
URL	http://4sync.com/web/directDownload/rE33SDmE/iNXXJkWJ.4bf28df12d9e7d99bc902edb6d23c6e2	—	2022-10-25

References (1)

↗ https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/