Sarwent Analysis

IOB - Indicator of Behavior (18)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 16
ru: 2

Product

Dahua IPC-HDW1X2X8
Dahua IPC-HFW1X2X8
Dahua IPC-HDW2X2X8
Dahua IPC-HFW2X2X8
Dahua IPC-HDW4X2X8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dahua IP Camera access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.05 | CVE-2017-7253 |
| 2 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 3.00 | |
| 3 | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.05 | CVE-2021-40419 |
| 4 | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF authentication replay | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.04 | CVE-2022-30563 |
| 5 | Dahua DH-IPC-Hxxxxxxxxx Authentication hard-coded credentials | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03148 | 0.00 | CVE-2017-7927 |
| 6 | Dahua IPC-HDW1X2X IP Address information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.02 | CVE-2019-9680 |
| 7 | Dahua IPC-HDW1X2X Login input validation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2019-9678 |
| 8 | Dahua IPC-HDW1X2X Debug Function default permission | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2019-9679 |
| 9 | Dahua IPC-HDW1X2X Online Upgrade Reverse Engineering information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.04 | CVE-2019-9681 |
| 10 | Dahua IPC-HDW1X2X CGI Interface buffer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2019-9677 |
| 11 | Dahua DHI-HCVR7216A-S3 MD5 access control | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.31255 | 0.04 | CVE-2017-6343 |
| 12 | TP-Link TL-WR841N V13 Traceroute os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00804 | 0.00 | CVE-2020-35576 |
| 13 | PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password information disclosure | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00696 | 0.08 | CVE-2000-0707 |
| 14 | Red Hat Linux nfs-utils rpc.statd format string | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.08052 | 0.00 | CVE-2000-0666 |
| 15 | SonicWall SSLVPN SMA100 sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02628 | 0.05 | CVE-2021-20016 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Amnesty International and Pegasus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 87.249.53.124 | 713697-cj66716.tmweb.ru | Sarwent | Amnesty International and Pegasus | 09/30/2021 | verified | Medium |
| 2 | XXX.XXX.XXX.XXX | xxxxxx | | Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx | 09/30/2021 | verified | Medium |
| 3 | XXX.X.XX.XXX | xxxx.xxxxxx.xxxxxxx | Xxxxxxx | Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx | 09/30/2021 | verified | Low |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

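| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | dbconnect.inc | predictive | High |
| 2 | File | xxx.xxxxx | predictive | Medium |
| 3 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
| 4 | Argument | xxxxx | predictive | Low |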
