DarkHotel Analysis

IOB - Indicator of Behavior (56)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 34
ja: 14
de: 6
zh: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Fortinet FortiOS: 4
Nortek Linear eMerge E3: 4
Qualcomm 4 Gen 1 Mobile Platform: 2
Qualcomm 4 Gen 2 Mobile Platform: 2
Qualcomm 7c+ Gen 3 Compute: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Countermeasure | KEV | EPSS | CTI | CVE
--|---------------|------|------|------------|-------------|---------|----------------|-----|------|-----|----
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.41 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
3 | Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor memory corruption | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00196 | 0.00 | CVE-2023-22388
4 | SSH SSH-1 Protocol cryptographic issues | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02289 | 0.18 | CVE-2001-1473
5 | libevent evdns.c name_parse out-of-bounds | 8.5 | 8.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.07038 | 0.00 | CVE-2016-10195
6 | Fortinet FortiOS FortiManager Protocol Service denial of service | 3.7 | 3.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.05813 | 0.00 | CVE-2014-2216
7 | Dahua IPC-HX3XXX Data Packet improper authentication | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94269 | 0.00 | CVE-2021-33044
8 | Apple iOS/iPadOS IOMobileFrameBuffer out-of-bounds write | 7.8 | 7.6 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00049 | 0.00 | CVE-2022-46690
9 | Qualcomm 429 Mobile Platform Audio Effect Processing memory corruption | 7.1 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00036 | 0.00 | CVE-2023-28570
10 | Qualcomm 4 Gen 1 Mobile Platform IOE Firmware information disclosure | 5.0 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00037 | 0.00 | CVE-2023-28563
11 | HPE iLO 5 Remote Code Execution | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00061 | 0.00 | CVE-2022-28633
12 | Fortinet FortiOS SSL VPN Web Portal cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.34693 | 0.00 | CVE-2018-13380
13 | OpenSSL Non-prime Moduli BN_mod_sqrt infinite loop | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.11373 | 0.09 | CVE-2022-0778
14 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.06 | CVE-2017-0055
15 | Linux Kernel audit.c aa_label_parse use after free | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00504 | 0.08 | CVE-2019-18814
16 | Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun use after free | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00011 | 0.00 | CVE-2021-29657
17 | cURL RTSP/RTP memory corruption | 8.2 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01456 | 0.00 | CVE-2018-1000122
18 | Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt integer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00567 | 0.00 | CVE-2019-18805
19 | Linux Kernel Beacon Head nl80211.c validate_beacon_head buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.03184 | 0.08 | CVE-2019-16746
20 | Linux Kernel wmi.c ath6kl_wmi_cac_event_rx out-of-bounds | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.02919 | 0.03 | CVE-2019-15926

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|------------|----------|-------|-----------|------------|------|-----------
1 | 23.111.184.119 | zeus.hosterbox.com | DarkHotel | | 03/21/2022 | verified | Low
2 | 37.220.0.41 | fvenxjtzuaxu.com | DarkHotel | | 03/29/2022 | verified | Low
3 | XX.XXX.XX.XXX | | Xxxxxxxxx | | 03/27/2022 | verified | Low
4 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | 11/14/2024 | verified | Very High
5 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 03/27/2022 | verified | Low
6 | XXX.XXX.XXX.XXX | xxx.xxxxx-xxxx.xxx | Xxxxxxxxx | | 03/27/2022 | verified | Low

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | /uncpath/ | predictive | Medium
2 | File | account.asp | predictive | Medium
3 | File | adv_remotelog.asp | predictive | High
4 | File | arch/x86/kvm/svm/nested.c | predictive | High
5 | File | xxxx-xxxx.x | predictive | Medium
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxxxxx_xxx.xxx | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x | predictive | High
10 | File | xxxxx.x | predictive | Low
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | High
13 | File | xxx/xxxxxxxx/xxxxxxx.x | predictive | High
14 | File | xxxxxxxxxxxxx.xxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx/xxxxxxxx/xxxxx.x | predictive | High
17 | File | xxxxxxx.xxx | predictive | Medium
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | Argument | xxxxxxxx | predictive | Medium
20 | Argument | xxxxxx | predictive | Low
21 | Argument | xxxxxxx | predictive | Low
22 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
23 | Argument | xxxxx_xxx | predictive | Medium
24 | Argument | xx_xxxxxxxx | predictive | Medium
25 | Argument | xxx_xxxx | predictive | Medium
26 | Argument | xxxxxx_xxxx | predictive | Medium
27 | Argument | xxxx | predictive | Low
28 | Argument | xxxxxxxxxxxxxxxx | predictive | High
29 | Argument | xxxxxxxx | predictive | Medium
30 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
31 | Pattern | \|xx\| | predictive | Low
32 | Network Port | xxx/xxxx | predictive | Medium
