DarkHotel Analysis

IOB - Indicator of Behavior (46)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en30
ja10
de4
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

gb28
jp10
us8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel6
OctoPrint2
ZyXEL Billion 5200W-T2
vBulletin2
Askey AP4000W2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.790.04187CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
3libevent evdns.c name_parse out-of-bounds8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.080.02172CVE-2016-10195
4Fortinet FortiOS FortiManager Protocol Service denial of service3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.020.05139CVE-2014-2216
5OpenSSL Non-prime Moduli BN_mod_sqrt infinite loop6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.35455CVE-2022-0778
6Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.410.25090CVE-2017-0055
7Linux Kernel audit.c aa_label_parse use after free8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.020.01018CVE-2019-18814
8Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun use after free4.64.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.01018CVE-2021-29657
9cURL RTSP/RTP memory corruption8.27.8$0-$5k$0-$5kNot DefinedOfficial Fix0.030.02686CVE-2018-1000122
10Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt integer overflow8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01108CVE-2019-18805
11Linux Kernel Beacon Head nl80211.c validate_beacon_head buffer overflow8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.02686CVE-2019-16746
12Linux Kernel wmi.c ath6kl_wmi_cac_event_rx out-of-bounds8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.01537CVE-2019-15926
13OpenSSH GSS2 auth-gss2.c Username information disclosure5.35.2$5k-$25k$5k-$25kNot DefinedWorkaround0.000.05736CVE-2018-15919
14ZyXEL NAS weblogin.cgi os command injection8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.89460CVE-2020-9054
15Acme Mini HTTPd Terminal input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.040.04187CVE-2009-4490
16Samba call_trans2open EchoWrecker memory corruption7.37.0$25k-$100k$0-$5kHighOfficial Fix0.000.90163CVE-2003-0201
17IBM Lotus Domino Web Server Web Container cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.01319CVE-2008-2410
18ProFTPD mod_copy access control8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.70009CVE-2019-12815
19Xerox CentreWare Web sql injection6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01132CVE-2008-3122
20TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.050.04891CVE-2019-6989

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileaccount.asppredictiveMedium
3Fileadv_remotelog.asppredictiveHigh
4Filearch/x86/kvm/svm/nested.cpredictiveHigh
5Filexxxx-xxxx.xpredictiveMedium
6Filexxxxx.xxxpredictiveMedium
7Filexxxxxxx_xxx.xxxpredictiveHigh
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.xpredictiveHigh
10Filexxxxx.xpredictiveLow
11Filexxx/xxxxxx.xxxpredictiveHigh
12Filexxx/xxxx/xxxxxx_xxx_xxxx.xpredictiveHigh
13Filexxx/xxxxxxxx/xxxxxxx.xpredictiveHigh
14Filexxxxxxxxxxxxx.xxxpredictiveHigh
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxxxx/xxxxxxxx/xxxxx.xpredictiveHigh
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxxxxxx.xxxpredictiveMedium
19ArgumentxxxxxxxxpredictiveMedium
20ArgumentxxxxxxpredictiveLow
21ArgumentxxxxxxxpredictiveLow
22Argumentxxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxxpredictiveHigh
23Argumentxxxxx_xxxpredictiveMedium
24Argumentxx_xxxxxxxxpredictiveMedium
25Argumentxxx_xxxxpredictiveMedium
26Argumentxxxxxx_xxxxpredictiveMedium
27ArgumentxxxxpredictiveLow
28ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
29ArgumentxxxxxxxxpredictiveMedium
30Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh
31Pattern|xx|predictiveLow
32Network Portxxx/xxxxpredictiveMedium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!