DangerousSavanna Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Lang

en	32
ja	28
de	2
fr	2

Land

us	34
cn	4

Skådespelare

DangerousSavanna	6
Cobalt Strike	1
Rhysida	1

Intressera

Typ

Not Defined	34
Programming Language Software	4
Content Management System	4
Project Management Software	2
E-Commerce Management Software	2

Säljare

Not Defined	18
Lyris	6
Google	4
Iatek	2
Ipswitch	2

Produkt

Lyris ListManager	4
Google Go	2
CentOS Web Panel	2
Iatek ProjectApp	2
Codiad	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	MGB OpenSource Guestbook email.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.67	CVE-2007-0354
2	JoomlaTune Com Jcomments admin.jcomments.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00489	0.04	CVE-2010-5048
3	WoltLab Burning Book addentry.php sql injektion	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
4	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
5	WordPress AdServe adclick.php sql injektion	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.04	CVE-2008-0507
6	Open Design Alliance Drawings SDK DWG File minneskorruption	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00149	0.00	CVE-2023-26495
7	Axios privilegier eskalering	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01568	0.04	CVE-2021-3749
8	Google Go URL.JoinPath Remote Code Execution	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00165	0.08	CVE-2022-32190
9	Microsoft Windows SMBv3 SMBGhost privilegier eskalering	10.0	9.8	$25k-$100k	$0-$5k	High	Official Fix	0.97484	0.04	CVE-2020-0796
10	jeecg-boot qurestSql sql injektion	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.11311	0.08	CVE-2023-1454
11	ServiceNow Tokyo cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02496	0.02	CVE-2022-39048
12	JetBrains IntelliJ IDEA License Server svag autentisering	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.04	CVE-2020-11690
13	Mambo mod_mainmenu.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
14	JiRos Links Manager openlink.asp sql injektion	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00662	0.00	CVE-2006-6147
15	phpforum mainfile.php privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00513	0.03	CVE-2003-0559
16	iGamingModules flashgames game.php sql injektion	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.00	CVE-2008-10003
17	PHP Mimetype quot_print.c php_quot_print_encode minneskorruption	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05466	0.03	CVE-2013-2110
18	Mambo index.php sql injektion	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00107	0.00	CVE-2008-0517
19	lmxcms AcquisiAction.class.php update sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2023-1321
20	SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00070	0.09	CVE-2023-1485

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	3.8.126.182	ec2-3-8-126-182.eu-west-2.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Medium
2	13.37.250.144	ec2-13-37-250-144.eu-west-3.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Medium
3	13.38.90.3	ec2-13-38-90-3.eu-west-3.compute.amazonaws.com	DangerousSavanna	Africa	07/09/2022	verified	Medium
4	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Medium
5	XX.XX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög
6	XX.XXX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög
7	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Medium
8	XXX.XXX.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög
9	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxx.xxxxx	Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög
10	XXX.X.XXX.XX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög
11	XXX.XX.XXX.XXX		Xxxxxxxxxxxxxxxx	Xxxxxx	07/09/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-24	Path Traversal	predictive	Hög
2	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/configure.php	predictive	Hög
2	File	/admin/inquiries/view_details.php	predictive	Hög
3	File	/admin/manage-comments.php	predictive	Hög
4	File	/alphaware/details.php	predictive	Hög
5	File	/bsenordering/index.php	predictive	Hög
6	File	/eclime/manufacturers.php	predictive	Hög
7	File	/install/index.php	predictive	Hög
8	File	/php-inventory-management-system/product.php	predictive	Hög
9	File	/subscribe/subscribe	predictive	Hög
10	File	xxxxxxxxxxxxx.xxxxx.xxx	predictive	Hög
11	File	xxxxxxx.xxx	predictive	Medium
12	File	xxxxxxxx.xxx	predictive	Medium
13	File	xxxxx.xxxxxxxxx.xxx	predictive	Hög
14	File	xxxx_xxx_xxxxxxx.xxx	predictive	Hög
15	File	xxxxxxxxxx.xxxxx.xxx	predictive	Hög
16	File	xxxxxxxxxxx.xxx	predictive	Hög
17	File	xxxxxxxx.xxx	predictive	Medium
18	File	xxxxxxxxxx/xxxxxxx/xxxxxxx.xxx	predictive	Hög
19	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
20	File	xxxxx.xxx	predictive	Medium
21	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	Hög
22	File	xxxxxx.xxx	predictive	Medium
23	File	xxxx.xxx	predictive	Medium
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx	predictive	Hög
26	File	xxxxxxxx/xxxxxxxxx	predictive	Hög
27	File	xxxxxx/xxxxx.xxx	predictive	Hög
28	File	xxxxxxxx.xxx	predictive	Medium
29	File	xxxxxxxxx/xxxx_xxxxxxx.xxx	predictive	Hög
30	File	xxx_xxxxxxxx.xxx	predictive	Hög
31	File	xxxxxxxx.xxx	predictive	Medium
32	File	xxxx.xxx	predictive	Medium
33	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
34	File	xxxxxxx.xxx	predictive	Medium
35	File	xxxxxxx/xx_xxxxx_xxxx/xxxx.xxx	predictive	Hög
36	File	xxxxxxxxxx.xxx	predictive	Hög
37	File	xxxxxxxx_x/xxxxxx/xxxxxxxxxxx/xxxxxx/xxxxxx-xxxxxx.xxx	predictive	Hög
38	File	xxxxxx.xxx	predictive	Medium
39	File	xxxxxx_xxxx.xxx	predictive	Hög
40	File	xxxx.xxx	predictive	Medium
41	Argument	$_xxxxxxx["xxx"]	predictive	Hög
42	Argument	xxxxxxxxxxx	predictive	Medium
43	Argument	xxxxxxxx	predictive	Medium
44	Argument	xxxxxxxxxx	predictive	Medium
45	Argument	xxxxxxxxx	predictive	Medium
46	Argument	xxxx	predictive	Låg
47	Argument	xxxxxx	predictive	Låg
48	Argument	xxxxxx_xxxx	predictive	Medium
49	Argument	xxx	predictive	Låg
50	Argument	xx	predictive	Låg
51	Argument	xxx	predictive	Låg
52	Argument	xxxx_xxxx	predictive	Medium
53	Argument	xxxxxxxxxxxxx_xx	predictive	Hög
54	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Hög
55	Argument	xxxx	predictive	Låg
56	Argument	xxxxx	predictive	Låg
57	Argument	xxxxxxx xxxx	predictive	Medium
58	Argument	xx	predictive	Låg
59	Argument	xxxxxx	predictive	Låg
60	Argument	xxxxxxxxxxxx	predictive	Medium
61	Argument	xxxx_xxxxxx	predictive	Medium
62	Argument	xxxx	predictive	Låg
63	Argument	xxxxxxxx	predictive	Medium
64	Input Value	-x xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)#	predictive	Hög
65	Input Value	x) xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)#	predictive	Hög
66	Input Value	<xxxxxx>xxxxx(xxx)</xxxxxx>	predictive	Hög
67	Pattern	/xxxxx/xxxxxxx.xxx	predictive	Hög
68	Network Port	xxx/xxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!