Sarwent Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

Sprache

en	16
ru	2

Land

us	16
ua	2

Akteure

RedLine Stealer	2
Wirte	1
Dridex	1
Cobalt Strike	1

Interesse

Typ

Not Defined	10
Firewall Software	2
Network Camera Software	2
Database Software	2

Hersteller

Dahua	12
Not Defined	2
PCCS-Linux	2

Produkt

Dahua IPC-HDW1X2X	10
Dahua IPC-HFW1X2X	10
Dahua IPC-HDW2X2X	10
Dahua IPC-HFW2X2X	10
Dahua IPC-HDW4X2X	10

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Dahua IP Camera erweiterte Rechte	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00101	CVE-2017-7253
2	eSyndicat Directory Software suggest-listing.php Cross Site Scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00000
3	Reolink RLC-410W Firmware Update Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00149	CVE-2021-40419
4	Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF schwache Authentisierung	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00135	CVE-2022-30563
5	Dahua DH-IPC-Hxxxxxxxxx Authentication schwache Authentisierung	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03148	CVE-2017-7927
6	Dahua IPC-HDW1X2X IP Address Information Disclosure	5.3	5.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.03	0.00084	CVE-2019-9680
7	Dahua IPC-HDW1X2X Login erweiterte Rechte	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00103	CVE-2019-9678
8	Dahua IPC-HDW1X2X Debug Function erweiterte Rechte	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00104	CVE-2019-9679
9	Dahua IPC-HDW1X2X Online Upgrade Reverse Engineering Information Disclosure	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00084	CVE-2019-9681
10	Dahua IPC-HDW1X2X CGI Interface Pufferüberlauf	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00250	CVE-2019-9677
11	Dahua DHI-HCVR7216A-S3 MD5 erweiterte Rechte	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.31255	CVE-2017-6343
12	TP-Link TL-WR841N V13 Traceroute erweiterte Rechte	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00770	CVE-2020-35576
13	PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password Information Disclosure	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00696	CVE-2000-0707
14	Red Hat Linux nfs-utils rpc.statd Format String	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.08052	CVE-2000-0666
15	SonicWall SSLVPN SMA100 SQL Injection	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02	0.02628	CVE-2021-20016

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Amnesty International and Pegasus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	87.249.53.124	713697-cj66716.tmweb.ru	Sarwent	Amnesty International and Pegasus	30.09.2021	verifiziert	High
2	XXX.XXX.XXX.XX		Xxxxxxx	Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx	30.09.2021	verifiziert	High
3	XXX.X.XX.XXX	xxxx.xxxxxx.xxxxxxx	Xxxxxxx	Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx	30.09.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1040	CWE-294	Authentication Bypass by Capture-replay	prädiktiv	High
2	T1059.007	CWE-80	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	dbconnect.inc	prädiktiv	High
2	File	xxx.xxxxx	prädiktiv	Medium
3	File	xxxxxxx-xxxxxxx.xxx	prädiktiv	High
4	Argument	xxxxx	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!