DangerousSavanna Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Langue

en	36
ja	28

De campagne

us	30
cn	6

Acteurs

DangerousSavanna	4
Cobalt Strike	1
Rhysida	1

Intérêt

Taper

Not Defined	32
Content Management System	8
Programming Language Software	4
E-Commerce Management Software	4
Project Management Software	2

Fournisseur

Not Defined	24
Google	4
Microsoft	2
PhpTpoint	2
Waimai	2

Produit

Inventory Management System	2
Microsoft .NET Framework	2
PHPMyWind	2
PhpTpoint Pharmacy Management System	2
Waimai Super CMS	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.89	CVE-2007-0354
2	JoomlaTune Com Jcomments admin.jcomments.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00489	0.04	CVE-2010-5048
3	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
4	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
5	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.09	CVE-2008-0507
6	Open Design Alliance Drawings SDK DWG File buffer overflow	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00149	0.00	CVE-2023-26495
7	Axios elévation de privilèges	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01568	0.04	CVE-2021-3749
8	Google Go URL.JoinPath Remote Code Execution	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00165	0.08	CVE-2022-32190
9	Microsoft Windows SMBv3 SMBGhost elévation de privilèges	10.0	9.8	$25k-$100k	$0-$5k	High	Official Fix	0.97484	0.04	CVE-2020-0796
10	jeecg-boot qurestSql sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.11311	0.19	CVE-2023-1454
11	ServiceNow Tokyo cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02496	0.02	CVE-2022-39048
12	JetBrains IntelliJ IDEA License Server authentification faible	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.04	CVE-2020-11690
13	Mambo mod_mainmenu.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
14	JiRos Links Manager openlink.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00662	0.00	CVE-2006-6147
15	phpforum mainfile.php elévation de privilèges	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00513	0.03	CVE-2003-0559
16	iGamingModules flashgames game.php sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.23	CVE-2008-10003
17	PHP Mimetype quot_print.c php_quot_print_encode buffer overflow	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05466	0.03	CVE-2013-2110
18	Mambo index.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00107	0.00	CVE-2008-0517
19	lmxcms AcquisiAction.class.php update sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2023-1321
20	SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00070	0.04	CVE-2023-1485

Campagnes (1)

These are the campaigns that can be associated with the actor:

Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	3.8.126.182	ec2-3-8-126-182.eu-west-2.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Moyen
2	13.37.250.144	ec2-13-37-250-144.eu-west-3.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Moyen
3	13.38.90.3	ec2-13-38-90-3.eu-west-3.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Moyen
4	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Moyen
5	XX.XX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé
6	XX.XXX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé
7	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Moyen
8	XXX.XXX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé
9	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxx.xxxxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé
10	XXX.X.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé
11	XXX.XX.XXX.XXX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-24	Path Traversal	predictive	Élevé
2	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/configure.php	predictive	Élevé
2	File	/admin/inquiries/view_details.php	predictive	Élevé
3	File	/admin/manage-comments.php	predictive	Élevé
4	File	/alphaware/details.php	predictive	Élevé
5	File	/bsenordering/index.php	predictive	Élevé
6	File	/eclime/manufacturers.php	predictive	Élevé
7	File	/install/index.php	predictive	Élevé
8	File	/php-inventory-management-system/product.php	predictive	Élevé
9	File	/subscribe/subscribe	predictive	Élevé
10	File	xxxxxxxxxxxxx.xxxxx.xxx	predictive	Élevé
11	File	xxxxxxx.xxx	predictive	Moyen
12	File	xxxxxxxx.xxx	predictive	Moyen
13	File	xxxxx.xxxxxxxxx.xxx	predictive	Élevé
14	File	xxxx_xxx_xxxxxxx.xxx	predictive	Élevé
15	File	xxxxxxxxxx.xxxxx.xxx	predictive	Élevé
16	File	xxxxxxxxxxx.xxx	predictive	Élevé
17	File	xxxxxxxx.xxx	predictive	Moyen
18	File	xxxxxxxxxx/xxxxxxx/xxxxxxx.xxx	predictive	Élevé
19	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
20	File	xxxxx.xxx	predictive	Moyen
21	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	Élevé
22	File	xxxxxx.xxx	predictive	Moyen
23	File	xxxx.xxx	predictive	Moyen
24	File	xxxxx.xxx	predictive	Moyen
25	File	xxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx	predictive	Élevé
26	File	xxxxxxxx/xxxxxxxxx	predictive	Élevé
27	File	xxxxxx/xxxxx.xxx	predictive	Élevé
28	File	xxxxxxxx.xxx	predictive	Moyen
29	File	xxxxxxxxx/xxxx_xxxxxxx.xxx	predictive	Élevé
30	File	xxx_xxxxxxxx.xxx	predictive	Élevé
31	File	xxxxxxxx.xxx	predictive	Moyen
32	File	xxxx.xxx	predictive	Moyen
33	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
34	File	xxxxxxx.xxx	predictive	Moyen
35	File	xxxxxxx/xx_xxxxx_xxxx/xxxx.xxx	predictive	Élevé
36	File	xxxxxxxxxx.xxx	predictive	Élevé
37	File	xxxxxxxx_x/xxxxxx/xxxxxxxxxxx/xxxxxx/xxxxxx-xxxxxx.xxx	predictive	Élevé
38	File	xxxxxx.xxx	predictive	Moyen
39	File	xxxxxx_xxxx.xxx	predictive	Élevé
40	File	xxxx.xxx	predictive	Moyen
41	Argument	$_xxxxxxx["xxx"]	predictive	Élevé
42	Argument	xxxxxxxxxxx	predictive	Moyen
43	Argument	xxxxxxxx	predictive	Moyen
44	Argument	xxxxxxxxxx	predictive	Moyen
45	Argument	xxxxxxxxx	predictive	Moyen
46	Argument	xxxx	predictive	Faible
47	Argument	xxxxxx	predictive	Faible
48	Argument	xxxxxx_xxxx	predictive	Moyen
49	Argument	xxx	predictive	Faible
50	Argument	xx	predictive	Faible
51	Argument	xxx	predictive	Faible
52	Argument	xxxx_xxxx	predictive	Moyen
53	Argument	xxxxxxxxxxxxx_xx	predictive	Élevé
54	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Élevé
55	Argument	xxxx	predictive	Faible
56	Argument	xxxxx	predictive	Faible
57	Argument	xxxxxxx xxxx	predictive	Moyen
58	Argument	xx	predictive	Faible
59	Argument	xxxxxx	predictive	Faible
60	Argument	xxxxxxxxxxxx	predictive	Moyen
61	Argument	xxxx_xxxxxx	predictive	Moyen
62	Argument	xxxx	predictive	Faible
63	Argument	xxxxxxxx	predictive	Moyen
64	Input Value	-x xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)#	predictive	Élevé
65	Input Value	x) xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)#	predictive	Élevé
66	Input Value	<xxxxxx>xxxxx(xxx)</xxxxxx>	predictive	Élevé
67	Pattern	/xxxxx/xxxxxxx.xxx	predictive	Élevé
68	Network Port	xxx/xxx	predictive	Faible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!