Daserf Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Cronología

Idioma

en16
de2

País

us8
cn6
kr4

Actores

Daserf1
Winnti1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined12
Content Management System4

Proveedor

Not Defined8
Hisilicon4
Shenzhen Yunni Technology2
Thomas R. Pasawicz2

Producto

WordPress4
Hisilicon HI35104
Hisilicon HI35184
Hisilicon LOOSAFE4
Hisilicon LEVCOECAM4

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1Coremail Document Attachment cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001200.00CVE-2015-6942
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
3ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference directory traversal6.26.0$0-$5k$0-$5kNot DefinedWorkaround0.000440.00CVE-2018-15490
4Shenzhen Yunni Technology iLnkP2P UID Generator Random cifrado débil7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.001760.03CVE-2019-11219
5Shenzhen Yunni Technology iLnkP2P Authentication autenticación débil7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.006690.04CVE-2019-11220
6Hisilicon HI3510 Web Management Portal Credentials escalada de privilegios6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001040.04CVE-2019-10710
7Hisilicon HI3510 RTSP Stream/Web Portal escalada de privilegios6.46.3$0-$5k$0-$5kNot DefinedWorkaround0.001680.00CVE-2019-10711
8WordPress URL Validator Redirect6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.005090.03CVE-2018-10101
9WordPress Password Reset wp-login.php mail escalada de privilegios6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.028270.09CVE-2017-8295
10WordPress Admin Shell escalada de privilegios7.36.6$25k-$100k$0-$5kFunctionalWorkaround0.000000.03
11My Link Trader out.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.15
12Apple macOS AppleSMC denegación de servicio7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.02CVE-2016-4678
13Node.js ServerResponse#writeHead Split escalada de privilegios6.15.9$0-$5k$0-$5kNot DefinedOfficial Fix0.004370.00CVE-2016-5325
14Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark divulgación de información5.34.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000000.00
15IBM Java Virtual Machine divulgación de información5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.007860.02CVE-2015-1914

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
127.255.69.209Daserf2022-03-27verifiedAlto
2XX.XXX.XX.XXXXxxxxx2022-03-27verifiedAlto
3XXX.XXX.X.XXXxxxxx2022-03-27verifiedAlto
4XXX.XXX.XXX.XXXXxxxxx2022-03-27verifiedAlto
5XXX.XXX.XXX.XXXxxxxx2022-03-27verifiedAlto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059.007CWE-79Cross Site ScriptingpredictiveAlto
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveAlto
5TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveAlto
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
9TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/out.phppredictiveMedio
2Filedata/gbconfiguration.datpredictiveAlto
3Filexx-xxxxx.xxxpredictiveMedio
4Filexxxxx.xxxpredictiveMedio
5Libraryxxxxxxxx.xxxpredictiveMedio
6ArgumentxxxxpredictiveBajo
7ArgumentxxpredictiveBajo
8ArgumentxxxxxxpredictiveBajo
9Network Portxxx/xxxxpredictiveMedio

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!