DarkHotel Analysis

IOB - Indicator of Behavior (50)

Timeline

Language: en 32, ja 12, de 4, es 2

Campaign (country): gb 32, jp 12, us 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product: Linux Kernel 6, ZyXEL NAS 2, OpenSSH 2, Famatech Remote Administrator 2, OpenSSL 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.49 | 0.00943 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
3 | Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor buffer overflow | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00077 | CVE-2023-22388
4 | libevent evdns.c name_parse information disclosure | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00646 | CVE-2016-10195
5 | Fortinet FortiOS FortiManager Protocol Service denial of service | 3.7 | 3.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.07626 | CVE-2014-2216
6 | Qualcomm 429 Mobile Platform Audio Effect Processing buffer overflow | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00043 | CVE-2023-28570
7 | Qualcomm 4 Gen 1 Mobile Platform IOE Firmware information disclosure | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00043 | CVE-2023-28563
8 | OpenSSL Non-prime Moduli BN_mod_sqrt denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01342 | CVE-2022-0778
9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
10 | Linux Kernel audit.c aa_label_parse buffer overflow | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00566 | CVE-2019-18814
11 | Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun buffer overflow | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00276 | CVE-2021-29657
12 | cURL RTSP/RTP buffer overflow | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00507 | CVE-2018-1000122
13 | Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00701 | CVE-2019-18805
14 | Linux Kernel Beacon Head nl80211.c validate_beacon_head buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00855 | CVE-2019-16746
15 | Linux Kernel wmi.c ath6kl_wmi_cac_event_rx information disclosure | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01887 | CVE-2019-15926
16 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00 | 0.00257 | CVE-2018-15919
17 | ZyXEL NAS weblogin.cgi privilege escalation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.96953 | CVE-2020-9054
18 | Acme Mini HTTPd Terminal privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00303 | CVE-2009-4490
19 | Samba call_trans2open EchoWrecker buffer overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97040 | CVE-2003-0201
20 | IBM Lotus Domino Web Server Web Container cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00246 | CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /uncpath/ | predictive | Medium
2 | File | account.asp | predictive | Medium
3 | File | adv_remotelog.asp | predictive | High
4 | File | arch/x86/kvm/svm/nested.c | predictive | High
5 | File | xxxx-xxxx.x | predictive | Medium
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxxxxx_xxx.xxx | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x | predictive | High
10 | File | xxxxx.x | predictive | Low
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | High
13 | File | xxx/xxxxxxxx/xxxxxxx.x | predictive | High
14 | File | xxxxxxxxxxxxx.xxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx/xxxxxxxx/xxxxx.x | predictive | High
17 | File | xxxxxxx.xxx | predictive | Medium
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | Argument | xxxxxxxx | predictive | Medium
20 | Argument | xxxxxx | predictive | Low
21 | Argument | xxxxxxx | predictive | Low
22 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
23 | Argument | xxxxx_xxx | predictive | Medium
24 | Argument | xx_xxxxxxxx | predictive | Medium
25 | Argument | xxx_xxxx | predictive | Medium
26 | Argument | xxxxxx_xxxx | predictive | Medium
27 | Argument | xxxx | predictive | Low
28 | Argument | xxxxxxxxxxxxxxxx | predictive | High
29 | Argument | xxxxxxxx | predictive | Medium
30 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
31 | Pattern | |xx| | predictive | Low
32 | Network Port | xxx/xxxx | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
