DangerousSavanna Analysis

IOB - Indicator of Behavior (63)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 34
  • ja: 28
  • de: 2

Country

  • us: 38

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Axios: 2
  • Open Design Alliance Drawings SDK: 2
  • JoomlaTune Com Jcomments: 2
  • ServiceNow Tokyo: 2
  • WordPress AdServe: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.64 | CVE-2007-0354 |
| 2 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048 |
| 3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 5 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |
| 6 | Open Design Alliance Drawings SDK DWG File use after free | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00149 | 0.00 | CVE-2023-26495 |
| 7 | Axios incorrect regex | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.08 | CVE-2021-3749 |
| 8 | Google Go URL.JoinPath path traversal | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00165 | 0.08 | CVE-2022-32190 |
| 9 | Microsoft Windows SMBv3 SMBGhost input validation | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.97484 | 0.03 | CVE-2020-0796 |
| 10 | jeecg-boot qurestSql sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11311 | 0.10 | CVE-2023-1454 |
| 11 | ServiceNow Tokyo cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02564 | 0.02 | CVE-2022-39048 |
| 12 | JetBrains IntelliJ IDEA License Server authentication spoofing | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.03 | CVE-2020-11690 |
| 13 | Mambo mod_mainmenu.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 14 | JiRos Links Manager openlink.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00662 | 0.00 | CVE-2006-6147 |
| 15 | phpforum mainfile.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00513 | 0.03 | CVE-2003-0559 |
| 16 | iGamingModules flashgames game.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.03 | CVE-2008-10003 |
| 17 | PHP Mimetype quot_print.c php_quot_print_encode memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05466 | 0.03 | CVE-2013-2110 |
| 18 | Mambo index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.00 | CVE-2008-0517 |
| 19 | lmxcms AcquisiAction.class.php update sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.03 | CVE-2023-1321 |
| 20 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.04 | CVE-2023-1485 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Africa

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
