DangerousSavanna Analysis

IOB - Indicator of Behavior (63)

Timeline

Language

  • en: 32
  • ja: 28
  • de: 2
  • zh: 2

Country

  • us: 34
  • cn: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Lyris ListManager: 4
  • lmxcms: 4
  • PhpTpoint Pharmacy Management System: 2
  • Lyris List Manager: 2
  • JiRos Links Manager: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.88 | CVE-2007-0354 |
| 2 | JoomlaTune Com Jcomments admin.jcomments.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.08 | CVE-2010-5048 |
| 3 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 5 | WordPress AdServe adclick.php SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |
| 6 | Open Design Alliance Drawings SDK DWG File Memory Corruption | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00149 | 0.00 | CVE-2023-26495 |
| 7 | Axios Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.04 | CVE-2021-3749 |
| 8 | Google Go URL.JoinPath Remote Code Execution | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00165 | 0.08 | CVE-2022-32190 |
| 9 | Microsoft Windows SMBv3 SMBGhost Privilege Escalation | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.97484 | 0.04 | CVE-2020-0796 |
| 10 | jeecg-boot qurestSql SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11311 | 0.04 | CVE-2023-1454 |
| 11 | ServiceNow Tokyo Cross Site Scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02496 | 0.02 | CVE-2022-39048 |
| 12 | JetBrains IntelliJ IDEA License Server Weak Authentication | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.04 | CVE-2020-11690 |
| 13 | Mambo mod_mainmenu.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 14 | JiRos Links Manager openlink.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00662 | 0.00 | CVE-2006-6147 |
| 15 | phpforum mainfile.php Privilege Escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00513 | 0.03 | CVE-2003-0559 |
| 16 | iGamingModules flashgames game.php SQL Injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.08 | CVE-2008-10003 |
| 17 | PHP Mimetype quot_print.c php_quot_print_encode Memory Corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05466 | 0.03 | CVE-2013-2110 |
| 18 | Mambo index.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.00 | CVE-2008-0517 |
| 19 | lmxcms AcquisiAction.class.php update SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.08 | CVE-2023-1321 |
| 20 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.04 | CVE-2023-1485 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.8.126.182 | ec2-3-8-126-182.eu-west-2.compute.amazonaws.com | DangerousSavanna | Africa | 07/09/2022 | verified | Medium |
| 2 | 13.37.250.144 | ec2-13-37-250-144.eu-west-3.compute.amazonaws.com | DangerousSavanna | Africa | 07/09/2022 | verified | Medium |
| 3 | 13.38.90.3 | ec2-13-38-90-3.eu-west-3.compute.amazonaws.com | DangerousSavanna | Africa | 07/09/2022 | verified | Medium |
| 4 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | Medium |
| 5 | XX.XX.XXX.XX | | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |
| 6 | XX.XXX.XXX.XX | | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |
| 7 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | Medium |
| 8 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |
| 9 | XXX.XXX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxx.xxxxx | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |
| 10 | XXX.X.XXX.XX | | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |
| 11 | XXX.XX.XXX.XXX | | Xxxxxxxxxxxxxxxx | Xxxxxx | 07/09/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-24 | Path Traversal | predictive | High |
| 2 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/configure.php | predictive | High |
| 2 | File | /admin/inquiries/view_details.php | predictive | High |
| 3 | File | /admin/manage-comments.php | predictive | High |
| 4 | File | /alphaware/details.php | predictive | High |
| 5 | File | /bsenordering/index.php | predictive | High |
| 6 | File | /eclime/manufacturers.php | predictive | High |
| 7 | File | /install/index.php | predictive | High |
| 8 | File | /php-inventory-management-system/product.php | predictive | High |
| 9 | File | /subscribe/subscribe | predictive | High |
| 10 | File | xxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxx_xxx_xxxxxxx.xxx | predictive | High |
| 15 | File | xxxxxxxxxx.xxxxx.xxx | predictive | High |
| 16 | File | xxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxxxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High |
| 19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxx.xxx | predictive | Medium |
| 21 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High |
| 22 | File | xxxxxx.xxx | predictive | Medium |
| 23 | File | xxxx.xxx | predictive | Medium |
| 24 | File | xxxxx.xxx | predictive | Medium |
| 25 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive | High |
| 26 | File | xxxxxxxx/xxxxxxxxx | predictive | High |
| 27 | File | xxxxxx/xxxxx.xxx | predictive | High |
| 28 | File | xxxxxxxx.xxx | predictive | Medium |
| 29 | File | xxxxxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
| 30 | File | xxx_xxxxxxxx.xxx | predictive | High |
| 31 | File | xxxxxxxx.xxx | predictive | Medium |
| 32 | File | xxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 34 | File | xxxxxxx.xxx | predictive | Medium |
| 35 | File | xxxxxxx/xx_xxxxx_xxxx/xxxx.xxx | predictive | High |
| 36 | File | xxxxxxxxxx.xxx | predictive | High |
| 37 | File | xxxxxxxx_x/xxxxxx/xxxxxxxxxxx/xxxxxx/xxxxxx-xxxxxx.xxx | predictive | High |
| 38 | File | xxxxxx.xxx | predictive | Medium |
| 39 | File | xxxxxx_xxxx.xxx | predictive | High |
| 40 | File | xxxx.xxx | predictive | Medium |
| 41 | Argument | $_xxxxxxx["xxx"] | predictive | High |
| 42 | Argument | xxxxxxxxxxx | predictive | Medium |
| 43 | Argument | xxxxxxxx | predictive | Medium |
| 44 | Argument | xxxxxxxxxx | predictive | Medium |
| 45 | Argument | xxxxxxxxx | predictive | Medium |
| 46 | Argument | xxxx | predictive | Low |
| 47 | Argument | xxxxxx | predictive | Low |
| 48 | Argument | xxxxxx_xxxx | predictive | Medium |
| 49 | Argument | xxx | predictive | Low |
| 50 | Argument | xx | predictive | Low |
| 51 | Argument | xxx | predictive | Low |
| 52 | Argument | xxxx_xxxx | predictive | Medium |
| 53 | Argument | xxxxxxxxxxxxx_xx | predictive | High |
| 54 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 55 | Argument | xxxx | predictive | Low |
| 56 | Argument | xxxxx | predictive | Low |
| 57 | Argument | xxxxxxx xxxx | predictive | Medium |
| 58 | Argument | xx | predictive | Low |
| 59 | Argument | xxxxxx | predictive | Low |
| 60 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 61 | Argument | xxxx_xxxxxx | predictive | Medium |
| 62 | Argument | xxxx | predictive | Low |
| 63 | Argument | xxxxxxxx | predictive | Medium |
| 64 | Input Value | -x xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)# | predictive | High |
| 65 | Input Value | x) xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)# | predictive | High |
| 66 | Input Value | <xxxxxx>xxxxx(xxx)</xxxxxx> | predictive | High |
| 67 | Pattern | /xxxxx/xxxxxxx.xxx | predictive | High |
| 68 | Network Port | xxx/xxx | predictive | Low |

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
