DarkHotel Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Idioma

en	32
ja	14
de	4

País

gb	30
jp	14
us	6

Actores

DarkHotel	2

Interesar

Escribe

Not Defined	18
Operating System	6
File Transfer Software	4
Forum Software	4
Firewall Software	2

Proveedor

Not Defined	12
Linux	6
Expinion.net	2
ZyXEL	2
Edimax	2

Producto

Linux Kernel	6
Expinion.net News Manager Lite	2
Samba	2
ZyXEL NAS	2
Edimax EW-7438RPn Mini v2	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.62	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor desbordamiento de búfer	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.02	CVE-2023-22388
4	libevent evdns.c name_parse divulgación de información	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00646	0.00	CVE-2016-10195
5	Fortinet FortiOS FortiManager Protocol Service denegación de servicio	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07626	0.03	CVE-2014-2216
6	Qualcomm 429 Mobile Platform Audio Effect Processing desbordamiento de búfer	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28570
7	Qualcomm 4 Gen 1 Mobile Platform IOE Firmware divulgación de información	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28563
8	OpenSSL Non-prime Moduli BN_mod_sqrt denegación de servicio	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.00	CVE-2022-0778
9	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
10	Linux Kernel audit.c aa_label_parse desbordamiento de búfer	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00566	0.04	CVE-2019-18814
11	Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun desbordamiento de búfer	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.00	CVE-2021-29657
12	cURL RTSP/RTP desbordamiento de búfer	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00507	0.00	CVE-2018-1000122
13	Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt desbordamiento de búfer	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00701	0.00	CVE-2019-18805
14	Linux Kernel Beacon Head nl80211.c validate_beacon_head desbordamiento de búfer	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00855	0.02	CVE-2019-16746
15	Linux Kernel wmi.c ath6kl_wmi_cac_event_rx divulgación de información	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01887	0.02	CVE-2019-15926
16	OpenSSH GSS2 auth-gss2.c Username divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00257	0.03	CVE-2018-15919
17	ZyXEL NAS weblogin.cgi escalada de privilegios	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.96910	0.02	CVE-2020-9054
18	Acme Mini HTTPd Terminal escalada de privilegios	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
19	Samba call_trans2open EchoWrecker desbordamiento de búfer	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97040	0.02	CVE-2003-0201
20	IBM Lotus Domino Web Server Web Container cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00246	0.02	CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	23.111.184.119	zeus.hosterbox.com	DarkHotel	2022-03-21	verified	Alto
2	XX.XXX.X.XX	xxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-03-29	verified	Alto
3	XX.XXX.XX.XX		Xxxxxxxxx	2022-03-27	verified	Alto
4	XXX.XXX.XXX.XX		Xxxxxxxxx	2022-03-27	verified	Alto
5	XXX.XXX.XXX.XXX	xxx.xxxxx-xxxx.xxx	Xxxxxxxxx	2022-03-27	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/uncpath/	predictive	Medio
2	File	account.asp	predictive	Medio
3	File	adv_remotelog.asp	predictive	Alto
4	File	arch/x86/kvm/svm/nested.c	predictive	Alto
5	File	xxxx-xxxx.x	predictive	Medio
6	File	xxxxx.xxx	predictive	Medio
7	File	xxxxxxx_xxx.xxx	predictive	Alto
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x	predictive	Alto
10	File	xxxxx.x	predictive	Bajo
11	File	xxx/xxxxxx.xxx	predictive	Alto
12	File	xxx/xxxx/xxxxxx_xxx_xxxx.x	predictive	Alto
13	File	xxx/xxxxxxxx/xxxxxxx.x	predictive	Alto
14	File	xxxxxxxxxxxxx.xxx	predictive	Alto
15	File	xxxxxxxx.xxx	predictive	Medio
16	File	xxxxxxxx/xxxxxxxx/xxxxx.x	predictive	Alto
17	File	xxxxxxx.xxx	predictive	Medio
18	File	xxxxxxxx.xxx	predictive	Medio
19	Argument	xxxxxxxx	predictive	Medio
20	Argument	xxxxxx	predictive	Bajo
21	Argument	xxxxxxx	predictive	Bajo
22	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Alto
23	Argument	xxxxx_xxx	predictive	Medio
24	Argument	xx_xxxxxxxx	predictive	Medio
25	Argument	xxx_xxxx	predictive	Medio
26	Argument	xxxxxx_xxxx	predictive	Medio
27	Argument	xxxx	predictive	Bajo
28	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
29	Argument	xxxxxxxx	predictive	Medio
30	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Alto
31	Pattern	\|xx\|	predictive	Bajo
32	Network Port	xxx/xxxx	predictive	Medio

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!