DarkHotel 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

言語

en	32
ja	12
de	4
es	2

国・地域

gb	34
jp	12
us	4

アクター

DarkHotel	2

関心

タイプ

Not Defined	22
Operating System	4
Groupware Software	2
Network Encryption Software	2
Router Operating System	2

ベンダー

Not Defined	10
TP-LINK	4
Linux	4
IBM	2
Basti2web	2

製品

Linux Kernel	4
IBM Lotus Domino Web Server	2
OpenSSL	2
TP-LINK TL-WR940N	2
Basti2web Book Panel	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.42	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
3	Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor メモリ破損	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.04	CVE-2023-22388
4	libevent evdns.c name_parse 情報の漏洩	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00646	0.00	CVE-2016-10195
5	Fortinet FortiOS FortiManager Protocol Service サービス拒否	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07626	0.03	CVE-2014-2216
6	Qualcomm 429 Mobile Platform Audio Effect Processing メモリ破損	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28570
7	Qualcomm 4 Gen 1 Mobile Platform IOE Firmware 情報の漏洩	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28563
8	OpenSSL Non-prime Moduli BN_mod_sqrt サービス拒否	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.03	CVE-2022-0778
9	Microsoft IIS クロスサイトスクリプティング	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.08	CVE-2017-0055
10	Linux Kernel audit.c aa_label_parse メモリ破損	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00566	0.04	CVE-2019-18814
11	Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun メモリ破損	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.00	CVE-2021-29657
12	cURL RTSP/RTP メモリ破損	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00507	0.00	CVE-2018-1000122
13	Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt メモリ破損	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00701	0.04	CVE-2019-18805
14	Linux Kernel Beacon Head nl80211.c validate_beacon_head メモリ破損	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00855	0.05	CVE-2019-16746
15	Linux Kernel wmi.c ath6kl_wmi_cac_event_rx 情報の漏洩	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01887	0.02	CVE-2019-15926
16	OpenSSH GSS2 auth-gss2.c Username 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00257	0.04	CVE-2018-15919
17	ZyXEL NAS weblogin.cgi 特権昇格	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96901	0.00	CVE-2020-9054
18	Acme Mini HTTPd Terminal 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
19	Samba call_trans2open EchoWrecker メモリ破損	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97040	0.00	CVE-2003-0201
20	IBM Lotus Domino Web Server Web Container クロスサイトスクリプティング	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00246	0.00	CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	23.111.184.119	zeus.hosterbox.com	DarkHotel	2022年03月21日	verified	高
2	XX.XXX.X.XX	xxxxxxxxxxxx.xxx	Xxxxxxxxx	2022年03月29日	verified	高
3	XX.XXX.XX.XX		Xxxxxxxxx	2022年03月27日	verified	高
4	XXX.XXX.XXX.XX		Xxxxxxxxx	2022年03月27日	verified	高
5	XXX.XXX.XXX.XXX	xxx.xxxxx-xxxx.xxx	Xxxxxxxxx	2022年03月27日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/uncpath/	predictive	中
2	File	account.asp	predictive	中
3	File	adv_remotelog.asp	predictive	高
4	File	arch/x86/kvm/svm/nested.c	predictive	高
5	File	xxxx-xxxx.x	predictive	中
6	File	xxxxx.xxx	predictive	中
7	File	xxxxxxx_xxx.xxx	predictive	高
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
9	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x	predictive	高
10	File	xxxxx.x	predictive	低
11	File	xxx/xxxxxx.xxx	predictive	高
12	File	xxx/xxxx/xxxxxx_xxx_xxxx.x	predictive	高
13	File	xxx/xxxxxxxx/xxxxxxx.x	predictive	高
14	File	xxxxxxxxxxxxx.xxx	predictive	高
15	File	xxxxxxxx.xxx	predictive	中
16	File	xxxxxxxx/xxxxxxxx/xxxxx.x	predictive	高
17	File	xxxxxxx.xxx	predictive	中
18	File	xxxxxxxx.xxx	predictive	中
19	Argument	xxxxxxxx	predictive	中
20	Argument	xxxxxx	predictive	低
21	Argument	xxxxxxx	predictive	低
22	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	高
23	Argument	xxxxx_xxx	predictive	中
24	Argument	xx_xxxxxxxx	predictive	中
25	Argument	xxx_xxxx	predictive	中
26	Argument	xxxxxx_xxxx	predictive	中
27	Argument	xxxx	predictive	低
28	Argument	xxxxxxxxxxxxxxxx	predictive	高
29	Argument	xxxxxxxx	predictive	中
30	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	高
31	Pattern	\|xx\|	predictive	低
32	Network Port	xxx/xxxx	predictive	中

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!