Daserf Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Sprache

en	14
de	4

Land

us	8
cn	6
jp	2
kr	2

Akteure

Daserf	1
Winnti	1

Interesse

Typ

Not Defined	10
Operating System	2
Programming Language Software	2
Content Management System	2

Hersteller

Hisilicon	4
Shenzhen Yunni Technology	4
Apple	2
IBM	2
Thomas R. Pasawicz	2

Produkt

Hisilicon HI3510	4
Hisilicon HI3518	4
Hisilicon LOOSAFE	4
Hisilicon LEVCOECAM	4
Hisilicon Sywstoda	4

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Coremail Document Attachment Cross Site Scripting	5.2	5.2	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00120	CVE-2015-6942
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference Directory Traversal	6.2	6.0	$0-$5k	Wird berechnet	Not Defined	Workaround	0.00	0.00044	CVE-2018-15490
4	Shenzhen Yunni Technology iLnkP2P UID Generator Random schwache Verschlüsselung	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00176	CVE-2019-11219
5	Shenzhen Yunni Technology iLnkP2P Authentication schwache Authentisierung	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00669	CVE-2019-11220
6	Hisilicon HI3510 Web Management Portal Credentials erweiterte Rechte	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00104	CVE-2019-10710
7	Hisilicon HI3510 RTSP Stream/Web Portal erweiterte Rechte	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.00168	CVE-2019-10711
8	WordPress URL Validator Redirect	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00509	CVE-2018-10101
9	WordPress Password Reset wp-login.php mail erweiterte Rechte	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02827	CVE-2017-8295
10	WordPress Admin Shell erweiterte Rechte	7.3	6.6	$25k-$100k	$0-$5k	Functional	Workaround	0.03	0.00000
11	My Link Trader out.php SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00000
12	Apple macOS AppleSMC Denial of Service	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00045	CVE-2016-4678
13	Node.js ServerResponse#writeHead Split erweiterte Rechte	6.1	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00437	CVE-2016-5325
14	Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark Information Disclosure	5.3	4.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00000
15	IBM Java Virtual Machine Information Disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00786	CVE-2015-1914

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Akteur	Identifiziert	Typ	Akzeptanz
1	27.255.69.209	Daserf	27.03.2022	verifiziert	High
2	XX.XXX.XX.XXX	Xxxxxx	27.03.2022	verifiziert	High
3	XXX.XXX.X.XX	Xxxxxx	27.03.2022	verifiziert	High
4	XXX.XXX.XXX.XXX	Xxxxxx	27.03.2022	verifiziert	High
5	XXX.XXX.XXX.XX	Xxxxxx	27.03.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059.007	CWE-79	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/out.php	prädiktiv	Medium
2	File	data/gbconfiguration.dat	prädiktiv	High
3	File	xx-xxxxx.xxx	prädiktiv	Medium
4	File	xxxxx.xxx	prädiktiv	Medium
5	Library	xxxxxxxx.xxx	prädiktiv	Medium
6	Argument	xxxx	prädiktiv	Low
7	Argument	xx	prädiktiv	Low
8	Argument	xxxxxx	prädiktiv	Low
9	Network Port	xxx/xxxx	prädiktiv	Medium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!