Daserf Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Язык

en	16
de	2

Страна

cn	10
us	6
kr	2

Акторы

Daserf	1
Winnti	1

Интерес

Тип

Not Defined	6
Content Management System	4
JavaScript Library	2
Web Browser	2
Programming Language Software	2

Поставщик

Not Defined	10
Microsoft	2
Shenzhen Yunni Technology	2
IBM	2

Продукт

WordPress	4
Node.js	2
Coremail	2
Microsoft Internet Explorer	2
My Link Trader	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Coremail Document Attachment межсайтовый скриптинг	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00120	0.00	CVE-2015-6942
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	Расчет	High	Workaround	0.02016	0.00	CVE-2007-1192
3	ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference обход каталога	6.2	6.0	$0-$5k	$0-$5k	Not Defined	Workaround	0.00044	0.00	CVE-2018-15490
4	Shenzhen Yunni Technology iLnkP2P UID Generator Random слабое шифрование	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00176	0.08	CVE-2019-11219
5	Shenzhen Yunni Technology iLnkP2P Authentication слабая аутентификация	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00669	0.05	CVE-2019-11220
6	Hisilicon HI3510 Web Management Portal Credentials эскалация привилегий	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00104	0.00	CVE-2019-10710
7	Hisilicon HI3510 RTSP Stream/Web Portal эскалация привилегий	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00168	0.00	CVE-2019-10711
8	WordPress URL Validator Redirect	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00509	0.04	CVE-2018-10101
9	WordPress Password Reset wp-login.php mail эскалация привилегий	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.05	CVE-2017-8295
10	WordPress Admin Shell эскалация привилегий	7.3	6.6	$25k-$100k	$0-$5k	Functional	Workaround	0.00000	0.00
11	My Link Trader out.php sql-инъекция	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
12	Apple macOS AppleSMC отказ в обслуживании	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2016-4678
13	Node.js ServerResponse#writeHead Split эскалация привилегий	6.1	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00437	0.00	CVE-2016-5325
14	Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark раскрытие информации	5.3	4.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
15	IBM Java Virtual Machine раскрытие информации	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00555	0.02	CVE-2015-1914

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Актор	Identified	Тип	Уверенность
1	27.255.69.209	Daserf	27.03.2022	verified	Высокий
2	XX.XXX.XX.XXX	Xxxxxx	27.03.2022	verified	Высокий
3	XXX.XXX.X.XX	Xxxxxx	27.03.2022	verified	Высокий
4	XXX.XXX.XXX.XXX	Xxxxxx	27.03.2022	verified	Высокий
5	XXX.XXX.XXX.XX	Xxxxxx	27.03.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Высокий
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Высокий
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/out.php	predictive	Средний
2	File	data/gbconfiguration.dat	predictive	Высокий
3	File	xx-xxxxx.xxx	predictive	Средний
4	File	xxxxx.xxx	predictive	Средний
5	Library	xxxxxxxx.xxx	predictive	Средний
6	Argument	xxxx	predictive	Низкий
7	Argument	xx	predictive	Низкий
8	Argument	xxxxxx	predictive	Низкий
9	Network Port	xxx/xxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you know our Splunk app?

Download it now for free!