Sarwent Analysis

IOB - Indicator of Behavior (18)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang: en (18)


Country: us (18)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • Dahua IPC-HDW1X2X8
  • Dahua IPC-HFW1X2X8
  • Dahua IPC-HDW2X2X8
  • Dahua IPC-HFW2X2X8
  • Dahua IPC-HDW4X2X8


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploit status; Rem is the remediation status; CTI is the CTI interest score; EPSS is the EPSS probability.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | Dahua IP Camera access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2017-7253
2  | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.29 | 0.00000 | 
3  | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2021-40419
4  | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF authentication replay | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-30563
5  | Dahua DH-IPC-Hxxxxxxxxx Authentication hard-coded credentials | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2017-7927
6  | Dahua IPC-HDW1X2X IP Address information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2019-9680
7  | Dahua IPC-HDW1X2X Login input validation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2019-9678
8  | Dahua IPC-HDW1X2X Debug Function default permission | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2019-9679
9  | Dahua IPC-HDW1X2X Online Upgrade Reverse Engineering information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2019-9681
10 | Dahua IPC-HDW1X2X CGI Interface buffer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2019-9677
11 | Dahua DHI-HCVR7216A-S3 MD5 access control | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2017-6343
12 | TP-Link TL-WR841N V13 Traceroute os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.09680 | CVE-2020-35576
13 | PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password information disclosure | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01213 | CVE-2000-0707
14 | Red Hat Linux nfs-utils rpc.statd format string | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.10995 | CVE-2000-0666
15 | SonicWall SSLVPN SMA100 sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Functional | Not Defined | 0.03 | 0.01055 | CVE-2021-20016

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Amnesty International and Pegasus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1  | 87.249.53.124 | 713697-cj66716.tmweb.ru | Sarwent | Amnesty International and Pegasus | verified | High
2  | XXX.XXX.XXX.XXX | xxxxxx | Xxxxxxx | Xxxxxxxxxxxxx Xxx Xxxxxxx | verified | High
3  | XXX.X.XX.XXX | xxxx.xxxxxx.xxxxxxx | Xxxxxxx | Xxxxxxxxxxxxx Xxx Xxxxxxx | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1  | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
2  | T1059.007 | CWE-80 | Cross Site Scripting | predictive | High
3  | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4  | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
5  | TXXXX | CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
6  | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
7  | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8  | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | dbconnect.inc | predictive | High
2  | File | xxx.xxxxx | predictive | Medium
3  | File | xxxxxxx-xxxxxxx.xxx | predictive | High
4  | Argument | xxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
