DangerousSavanna Analysis

IOB - Indicator of Behavior (63)

Language

  • en: 34
  • ja: 26
  • de: 2
  • fr: 2

Country

  • us: 34
  • cn: 6

Product

  • Axios: 2
  • Fortinet FortiOS SSL-VPN: 2
  • Inventory Management System: 2
  • Midicart Software MidiCart PHP Shopping Cart: 2
  • Pligg CMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.48 | 0.01302 | CVE-2007-0354 |
| 2 | JoomlaTune Com Jcomments admin.jcomments.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00489 | CVE-2010-5048 |
| 3 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 5 | WordPress AdServe adclick.php SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00073 | CVE-2008-0507 |
| 6 | Open Design Alliance Drawings SDK DWG File Buffer Overflow | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00149 | CVE-2023-26495 |
| 7 | Axios Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01349 | CVE-2021-3749 |
| 8 | Google Go URL.JoinPath Remote Code Execution | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00169 | CVE-2022-32190 |
| 9 | Microsoft Windows SMBv3 SMBGhost Privilege Escalation | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.97484 | CVE-2020-0796 |
| 10 | jeecg-boot qurestSql SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.17 | 0.08306 | CVE-2023-1454 |
| 11 | ServiceNow Tokyo Cross Site Scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02581 | CVE-2022-39048 |
| 12 | JetBrains IntelliJ IDEA License Server Weak Authentication | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00222 | CVE-2020-11690 |
| 13 | Mambo mod_mainmenu.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |
| 14 | JiRos Links Manager openlink.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00662 | CVE-2006-6147 |
| 15 | phpforum mainfile.php Privilege Escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00513 | CVE-2003-0559 |
| 16 | iGamingModules flashgames game.php SQL Injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00280 | CVE-2008-10003 |
| 17 | PHP Mimetype quot_print.c php_quot_print_encode Buffer Overflow | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.05466 | CVE-2013-2110 |
| 18 | Mambo index.php SQL Injection | 7.3 | 7.1 | $0-$5k | Being calculated | High | Unavailable | 0.00 | 0.00107 | CVE-2008-0517 |
| 19 | lmxcms AcquisiAction.class.php update SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00135 | CVE-2023-1321 |
| 20 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00062 | CVE-2023-1485 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-24 | Path Traversal | predictive | High |

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/configure.php | predictive | High |
| 2 | File | /admin/inquiries/view_details.php | predictive | High |
| 3 | File | /admin/manage-comments.php | predictive | High |
| 4 | File | /alphaware/details.php | predictive | High |
| 5 | File | /bsenordering/index.php | predictive | High |
| 6 | File | /eclime/manufacturers.php | predictive | High |
| 7 | File | /install/index.php | predictive | High |
| 8 | File | /php-inventory-management-system/product.php | predictive | High |
| 9 | File | /subscribe/subscribe | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
