DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa - Check Point Research
Common Information
Type Value
UUID 7c00c573-0082-4c16-b6d4-672daf675f6a
Fingerprint a6718df38735cfe0
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 6, 2022, 9:57 a.m.
Added to db Jan. 18, 2023, 8 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa
Title DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa - Check Point Research
Detected Hints/Tags/Attributes 112/4/139
Attributes
Details Type #Events CTI Value
Details File 2
great.ico
Details File 2
great.tar
Details File 1
nouvelles_dispositions_sanitaires.doc
Details File 1
provisions.doc
Details File 1
minom.txt
Details File 20
mspaint.exe
Details File 4
windowsformsapp3.exe
Details File 380
notepad.exe
Details File 9
2021.pdf
Details File 1
wintray.exe
Details File 46
runtimebroker.exe
Details File 11
iexpress.exe
Details File 1
wincomp.bat
Details File 11
slmgr.vbs
Details File 1
c:\users\public\slmgr.vbs
Details File 1
c:\users\public\wincomp.bat
Details File 1122
svchost.exe
Details File 1
titan.exe
Details File 1
populaire.exe
Details File 2
keylogger.log
Details File 1
chimers.gif
Details File 2
vox.ps1
Details Pdb 2
c:\users\wallstreet\source\repos\billang\billang\obj\release\billang.pdb
Details Pdb 1
c:\users\wallstreet\source\repos\pdf document\pdf document\obj\release\pdf document.pdb
Details Pdb 1
c:\users\wallstreet\downloads\programs\backstab-master\x64\debug\backstab.pdb
Details Pdb 1
c:\users\wallstreet\source\repos\loggerstamp\release\loggerstamp.pdb
Details Url 1
http://3.8.126.182/minom.txt