DarkHotel Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Язык

en	34
ja	14
de	2

Страна

gb	30
jp	14
us	6

Акторы

DarkHotel	2

Интерес

Тип

Not Defined	14
Operating System	8
File Transfer Software	4
Automation Software	4
Groupware Software	4

Поставщик

Linux	8
Not Defined	6
Qualcomm	6
Nortek	4
TP-LINK	4

Продукт

Linux Kernel	8
Qualcomm 820 Automotive Platform	6
Qualcomm 855 Mobile Platform	6
Qualcomm 855+	6
Qualcomm 860 Mobile Platform SM8150-AC	6

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.63	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	Расчет	High	Workaround	0.02016	0.00	CVE-2007-1192
3	Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor повреждение памяти	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.04	CVE-2023-22388
4	libevent evdns.c name_parse раскрытие информации	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00646	0.00	CVE-2016-10195
5	Fortinet FortiOS FortiManager Protocol Service отказ в обслуживании	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07626	0.03	CVE-2014-2216
6	Qualcomm 429 Mobile Platform Audio Effect Processing повреждение памяти	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28570
7	Qualcomm 4 Gen 1 Mobile Platform IOE Firmware раскрытие информации	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28563
8	OpenSSL Non-prime Moduli BN_mod_sqrt отказ в обслуживании	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.03	CVE-2022-0778
9	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.08	CVE-2017-0055
10	Linux Kernel audit.c aa_label_parse повреждение памяти	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00566	0.00	CVE-2019-18814
11	Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun повреждение памяти	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.00	CVE-2021-29657
12	cURL RTSP/RTP повреждение памяти	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00470	0.00	CVE-2018-1000122
13	Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt повреждение памяти	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00701	0.04	CVE-2019-18805
14	Linux Kernel Beacon Head nl80211.c validate_beacon_head повреждение памяти	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00855	0.05	CVE-2019-16746
15	Linux Kernel wmi.c ath6kl_wmi_cac_event_rx раскрытие информации	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01887	0.02	CVE-2019-15926
16	OpenSSH GSS2 auth-gss2.c Username раскрытие информации	5.3	5.2	$5k-$25k	$5k-$25k	Not Defined	Workaround	0.00257	0.04	CVE-2018-15919
17	ZyXEL NAS weblogin.cgi эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96901	0.04	CVE-2020-9054
18	Acme Mini HTTPd Terminal эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
19	Samba call_trans2open EchoWrecker повреждение памяти	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97040	0.00	CVE-2003-0201
20	IBM Lotus Domino Web Server Web Container межсайтовый скриптинг	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00246	0.00	CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	23.111.184.119	zeus.hosterbox.com	DarkHotel	21.03.2022	verified	Высокий
2	XX.XXX.X.XX	xxxxxxxxxxxx.xxx	Xxxxxxxxx	29.03.2022	verified	Высокий
3	XX.XXX.XX.XX		Xxxxxxxxx	27.03.2022	verified	Высокий
4	XXX.XXX.XXX.XX		Xxxxxxxxx	27.03.2022	verified	Высокий
5	XXX.XXX.XXX.XXX	xxx.xxxxx-xxxx.xxx	Xxxxxxxxx	27.03.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/uncpath/	predictive	Средний
2	File	account.asp	predictive	Средний
3	File	adv_remotelog.asp	predictive	Высокий
4	File	arch/x86/kvm/svm/nested.c	predictive	Высокий
5	File	xxxx-xxxx.x	predictive	Средний
6	File	xxxxx.xxx	predictive	Средний
7	File	xxxxxxx_xxx.xxx	predictive	Высокий
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
9	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x	predictive	Высокий
10	File	xxxxx.x	predictive	Низкий
11	File	xxx/xxxxxx.xxx	predictive	Высокий
12	File	xxx/xxxx/xxxxxx_xxx_xxxx.x	predictive	Высокий
13	File	xxx/xxxxxxxx/xxxxxxx.x	predictive	Высокий
14	File	xxxxxxxxxxxxx.xxx	predictive	Высокий
15	File	xxxxxxxx.xxx	predictive	Средний
16	File	xxxxxxxx/xxxxxxxx/xxxxx.x	predictive	Высокий
17	File	xxxxxxx.xxx	predictive	Средний
18	File	xxxxxxxx.xxx	predictive	Средний
19	Argument	xxxxxxxx	predictive	Средний
20	Argument	xxxxxx	predictive	Низкий
21	Argument	xxxxxxx	predictive	Низкий
22	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Высокий
23	Argument	xxxxx_xxx	predictive	Средний
24	Argument	xx_xxxxxxxx	predictive	Средний
25	Argument	xxx_xxxx	predictive	Средний
26	Argument	xxxxxx_xxxx	predictive	Средний
27	Argument	xxxx	predictive	Низкий
28	Argument	xxxxxxxxxxxxxxxx	predictive	Высокий
29	Argument	xxxxxxxx	predictive	Средний
30	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Высокий
31	Pattern	\|xx\|	predictive	Низкий
32	Network Port	xxx/xxxx	predictive	Средний

Ссылки (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!