Sarwent 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

言語

en	16
ru	2

国・地域

us	16
ua	2

アクター

RedLine Stealer	2
Wirte	1
Dridex	1
Cobalt Strike	1

関心

タイプ

Not Defined	12
Router Operating System	2
Firewall Software	2

ベンダー

Dahua	8
eSyndicat	2
TP-Link	2
Reolink	2
Not Defined	2

製品

Dahua IPC-HDW1X2X	6
Dahua IPC-HFW1X2X	6
Dahua IPC-HDW2X2X	6
Dahua IPC-HFW2X2X	6
Dahua IPC-HDW4X2X	6

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	CTI	EPSS	CVE
1	Dahua IP Camera 特権昇格	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00101	CVE-2017-7253
2	eSyndicat Directory Software suggest-listing.php クロスサイトスクリプティング	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
3	Reolink RLC-410W Firmware Update Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00149	CVE-2021-40419
4	Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF 弱い認証	7.8	7.6	$0-$5k	計算中	Not Defined	Official Fix	0.01	0.00135	CVE-2022-30563
5	Dahua DH-IPC-Hxxxxxxxxx Authentication 弱い認証	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03148	CVE-2017-7927
6	Dahua IPC-HDW1X2X IP Address 情報の漏洩	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00084	CVE-2019-9680
7	Dahua IPC-HDW1X2X Login 特権昇格	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00103	CVE-2019-9678
8	Dahua IPC-HDW1X2X Debug Function 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00104	CVE-2019-9679
9	Dahua IPC-HDW1X2X Online Upgrade Reverse Engineering 情報の漏洩	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00084	CVE-2019-9681
10	Dahua IPC-HDW1X2X CGI Interface メモリ破損	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00250	CVE-2019-9677
11	Dahua DHI-HCVR7216A-S3 MD5 特権昇格	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.31255	CVE-2017-6343
12	TP-Link TL-WR841N V13 Traceroute 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00770	CVE-2020-35576
13	PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password 情報の漏洩	7.3	7.0	$5k-$25k	計算中	Not Defined	Official Fix	0.02	0.00696	CVE-2000-0707
14	Red Hat Linux nfs-utils rpc.statd Format String	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.08052	CVE-2000-0666
15	SonicWall SSLVPN SMA100 SQLインジェクション	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02	0.02628	CVE-2021-20016

キャンペーン (1)

These are the campaigns that can be associated with the actor:

Amnesty International and Pegasus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	87.249.53.124	713697-cj66716.tmweb.ru	Sarwent	Amnesty International and Pegasus	2021年09月30日	verified	高
2	XXX.XXX.XXX.XX		Xxxxxxx	Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx	2021年09月30日	verified	高
3	XXX.X.XX.XXX	xxxx.xxxxxx.xxxxxxx	Xxxxxxx	Xxxxxxx Xxxxxxxxxxxxx Xxx Xxxxxxx	2021年09月30日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	高
2	T1059.007	CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	dbconnect.inc	predictive	高
2	File	xxx.xxxxx	predictive	中
3	File	xxxxxxx-xxxxxxx.xxx	predictive	高
4	Argument	xxxxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!