DangerousSavanna Analysis

IOB - Indicator of Behavior (63)

Language

en: 36
ja: 26
zh: 2

Country/Region

us: 34
cn: 4

Product

JiRos Links Manager: 2
PHP: 2
Mambo: 2
SourceCodester Young Entrepreneur E-Negosyo System: 2
Lyris List Manager: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.54 | 0.01302 | CVE-2007-0354 |
| 2 | JoomlaTune Com Jcomments admin.jcomments.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00489 | CVE-2010-5048 |
| 3 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 5 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00073 | CVE-2008-0507 |
| 6 | Open Design Alliance Drawings SDK DWG File memory corruption | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00149 | CVE-2023-26495 |
| 7 | Axios privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01349 | CVE-2021-3749 |
| 8 | Google Go URL.JoinPath Remote Code Execution | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00169 | CVE-2022-32190 |
| 9 | Microsoft Windows SMBv3 SMBGhost privilege escalation | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.97484 | CVE-2020-0796 |
| 10 | jeecg-boot qurestSql SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.41 | 0.08306 | CVE-2023-1454 |
| 11 | ServiceNow Tokyo cross-site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02581 | CVE-2022-39048 |
| 12 | JetBrains IntelliJ IDEA License Server weak authentication | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00222 | CVE-2020-11690 |
| 13 | Mambo mod_mainmenu.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |
| 14 | JiRos Links Manager openlink.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00662 | CVE-2006-6147 |
| 15 | phpforum mainfile.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00513 | CVE-2003-0559 |
| 16 | iGamingModules flashgames game.php SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00280 | CVE-2008-10003 |
| 17 | PHP Mimetype quot_print.c php_quot_print_encode memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.05466 | CVE-2013-2110 |
| 18 | Mambo index.php SQL injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.00 | 0.00107 | CVE-2008-0517 |
| 19 | lmxcms AcquisiAction.class.php update SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00135 | CVE-2023-1321 |
| 20 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00062 | CVE-2023-1485 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
