DarkHotel Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 32
ja: 8
de: 4
es: 1

Country

gb: 30
jp: 8
us: 7

Actors

Activities

Interest

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
---|---------------|------|------|------|-------|-----|-----|-----|----
1  | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.66 | CVE-2010-0966
2  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
3  | libevent evdns.c name_parse out-of-bounds read | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-10195
4  | Fortinet FortiOS FortiManager Protocol Service denial of service | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2014-2216
5  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.59 | CVE-2017-0055
6  | Linux Kernel audit.c aa_label_parse use after free | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2019-18814
7  | Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun use after free | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-29657
8  | cURL RTSP/RTP memory corruption | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-1000122
9  | Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt integer overflow | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-18805
10 | Linux Kernel Beacon Head nl80211.c validate_beacon_head buffer overflow | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-16746
11 | Linux Kernel wmi.c ath6kl_wmi_cac_event_rx out-of-bounds read | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-15926
12 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.08 | CVE-2018-15919
13 | ZyXEL NAS weblogin.cgi os command injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9054
14 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2009-4490
15 | Samba call_trans2open EchoWrecker memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | CVE-2003-0201
16 | IBM Lotus Domino Web Server Web Container cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2008-2410
17 | ProFTPD mod_copy access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-12815
18 | Xerox CentreWare Web sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2008-3122
19 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.04 | CVE-2019-6989
20 | TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 null pointer dereference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-10231

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1  | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2  | TXXXX | CWE-XXXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1  | File | /uncpath/ | predictive | Medium
2  | File | account.asp | predictive | Medium
3  | File | adv_remotelog.asp | predictive | High
4  | File | arch/x86/kvm/svm/nested.c | predictive | High
5  | File | xxxx-xxxx.x | predictive | Medium
6  | File | xxxxx.xxx | predictive | Medium
7  | File | xxxxxxx_xxx.xxx | predictive | High
8  | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9  | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x | predictive | High
10 | File | xxxxx.x | predictive | Low
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | High
13 | File | xxx/xxxxxxxx/xxxxxxx.x | predictive | High
14 | File | xxxxxxxxxxxxx.xxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx/xxxxxxxx/xxxxx.x | predictive | High
17 | File | xxxxxxx.xxx | predictive | Medium
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | Argument | xxxxxxxx | predictive | Medium
20 | Argument | xxxxxx | predictive | Low
21 | Argument | xxxxxxx | predictive | Low
22 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
23 | Argument | xxxxx_xxx | predictive | Medium
24 | Argument | xx_xxxxxxxx | predictive | Medium
25 | Argument | xxx_xxxx | predictive | Medium
26 | Argument | xxxxxx_xxxx | predictive | Medium
27 | Argument | xxxx | predictive | Low
28 | Argument | xxxxxxxxxxxxxxxx | predictive | High
29 | Argument | xxxxxxxx | predictive | Medium
30 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
31 | Pattern | |xx| | predictive | Low
32 | Network Port | xxx/xxxx | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
