DarkHotel Analysis

IOB - Indicator of Behavior (50)

Language

en: 34
ja: 14
de: 2

Country

gb: 30
jp: 14
us: 6

Product

Linux Kernel: 8
Qualcomm 429 Mobile Platform: 4
Qualcomm 820 Automotive Platform: 4
Qualcomm 835 Mobile PC Platform: 4
Qualcomm 855 Mobile Platform: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.48 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor memory corruption | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.02 | CVE-2023-22388 |
| 4 | libevent evdns.c name_parse information disclosure | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00646 | 0.00 | CVE-2016-10195 |
| 5 | Fortinet FortiOS FortiManager Protocol Service denial of service | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07626 | 0.03 | CVE-2014-2216 |
| 6 | Qualcomm 429 Mobile Platform Audio Effect Processing memory corruption | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-28570 |
| 7 | Qualcomm 4 Gen 1 Mobile Platform IOE Firmware information disclosure | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-28563 |
| 8 | OpenSSL Non-prime Moduli BN_mod_sqrt denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01342 | 0.00 | CVE-2022-0778 |
| 9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 10 | Linux Kernel audit.c aa_label_parse memory corruption | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00566 | 0.04 | CVE-2019-18814 |
| 11 | Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun memory corruption | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00277 | 0.00 | CVE-2021-29657 |
| 12 | cURL RTSP/RTP memory corruption | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00507 | 0.00 | CVE-2018-1000122 |
| 13 | Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt memory corruption | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00701 | 0.02 | CVE-2019-18805 |
| 14 | Linux Kernel Beacon Head nl80211.c validate_beacon_head memory corruption | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00855 | 0.02 | CVE-2019-16746 |
| 15 | Linux Kernel wmi.c ath6kl_wmi_cac_event_rx information disclosure | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01887 | 0.02 | CVE-2019-15926 |
| 16 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00257 | 0.02 | CVE-2018-15919 |
| 17 | ZyXEL NAS weblogin.cgi privilege escalation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.96910 | 0.02 | CVE-2020-9054 |
| 18 | Acme Mini HTTPd Terminal privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.04 | CVE-2009-4490 |
| 19 | Samba call_trans2open EchoWrecker memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97040 | 0.02 | CVE-2003-0201 |
| 20 | IBM Lotus Domino Web Server Web Container cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00246 | 0.02 | CVE-2008-2410 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.111.184.119 | zeus.hosterbox.com | DarkHotel | | 21/03/2022 | verified | High |
| 2 | XX.XXX.X.XX | xxxxxxxxxxxx.xxx | Xxxxxxxxx | | 29/03/2022 | verified | High |
| 3 | XX.XXX.XX.XX | | Xxxxxxxxx | | 27/03/2022 | verified | High |
| 4 | XXX.XXX.XXX.XX | | Xxxxxxxxx | | 27/03/2022 | verified | High |
| 5 | XXX.XXX.XXX.XXX | xxx.xxxxx-xxxx.xxx | Xxxxxxxxx | | 27/03/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | account.asp | predictive | Medium |
| 3 | File | adv_remotelog.asp | predictive | High |
| 4 | File | arch/x86/kvm/svm/nested.c | predictive | High |
| 5 | File | xxxx-xxxx.x | predictive | Medium |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxx_xxx.xxx | predictive | High |
| 8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x | predictive | High |
| 10 | File | xxxxx.x | predictive | Low |
| 11 | File | xxx/xxxxxx.xxx | predictive | High |
| 12 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | High |
| 13 | File | xxx/xxxxxxxx/xxxxxxx.x | predictive | High |
| 14 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxx/xxxxxxxx/xxxxx.x | predictive | High |
| 17 | File | xxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxxxxxx.xxx | predictive | Medium |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxxx | predictive | Low |
| 21 | Argument | xxxxxxx | predictive | Low |
| 22 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High |
| 23 | Argument | xxxxx_xxx | predictive | Medium |
| 24 | Argument | xx_xxxxxxxx | predictive | Medium |
| 25 | Argument | xxx_xxxx | predictive | Medium |
| 26 | Argument | xxxxxx_xxxx | predictive | Medium |
| 27 | Argument | xxxx | predictive | Low |
| 28 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |
| 31 | Pattern | \|xx\| | predictive | Low |
| 32 | Network Port | xxx/xxxx | predictive | Medium |

Sources (4)

The following list contains external sources which discuss the actor and the associated activities:
