DangerousSavanna Analysis

IOB - Indicator of Behavior (63)

Language

  • en: 36
  • ja: 24
  • fr: 2
  • zh: 2

Country/Region

  • us: 36
  • cn: 6

Product

  • Lyris ListManager: 4
  • lmxcms: 4
  • SourceCodester Medicine Tracker System: 2
  • WordPress AdServe: 2
  • CentOS Web Panel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.05 | CVE-2007-0354 |
| 2 | JoomlaTune Com Jcomments admin.jcomments.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.03 | CVE-2010-5048 |
| 3 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.03 | CVE-2006-5509 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 5 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.70 | CVE-2008-0507 |
| 6 | Open Design Alliance Drawings SDK DWG File memory corruption | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2023-26495 |
| 7 | Axios privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01883 | 0.00 | CVE-2021-3749 |
| 8 | Google Go URL.JoinPath Remote Code Execution | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00165 | 0.04 | CVE-2022-32190 |
| 9 | Microsoft Windows SMBv3 SMBGhost privilege escalation | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.97481 | 0.03 | CVE-2020-0796 |
| 10 | jeecg-boot qurestSql SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08748 | 0.28 | CVE-2023-1454 |
| 11 | ServiceNow Tokyo cross-site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02684 | 0.02 | CVE-2022-39048 |
| 12 | JetBrains IntelliJ IDEA License Server weak authentication | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.04 | CVE-2020-11690 |
| 13 | Mambo mod_mainmenu.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 14 | JiRos Links Manager openlink.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00662 | 0.00 | CVE-2006-6147 |
| 15 | phpforum mainfile.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00513 | 0.00 | CVE-2003-0559 |
| 16 | iGamingModules flashgames game.php SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.14 | CVE-2008-10003 |
| 17 | PHP Mimetype quot_print.c php_quot_print_encode memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05466 | 0.04 | CVE-2013-2110 |
| 18 | Mambo index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.00 | CVE-2008-0517 |
| 19 | lmxcms AcquisiAction.class.php update SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.00 | CVE-2023-1321 |
| 20 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.00 | CVE-2023-1485 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/configure.php | predictive | |
| 2 | File | /admin/inquiries/view_details.php | predictive | |
| 3 | File | /admin/manage-comments.php | predictive | |
| 4 | File | /alphaware/details.php | predictive | |
| 5 | File | /bsenordering/index.php | predictive | |
| 6 | File | /eclime/manufacturers.php | predictive | |
| 7 | File | /install/index.php | predictive | |
| 8 | File | /php-inventory-management-system/product.php | predictive | |
| 9 | File | /subscribe/subscribe | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
