DarkHotel Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Lang

en	30
ja	16
de	4

Land

gb	24
jp	16
us	10

Skådespelare

DarkHotel	2

Intressera

Typ

Not Defined	14
Groupware Software	4
Operating System	4
Forum Software	4
Network Utility Software	2

Säljare

Not Defined	16
Linux	4
ZyXEL	4
DZCP	2
Qualcomm	2

Produkt

Linux Kernel	4
cURL	2
DZCP deV!L`z Clanportal	2
Qualcomm 4 Gen 1 Mobile Platform	2
Qualcomm 4 Gen 2 Mobile Platform	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.25	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor minneskorruption	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.02	CVE-2023-22388
4	libevent evdns.c name_parse informationsgivning	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00646	0.00	CVE-2016-10195
5	Fortinet FortiOS FortiManager Protocol Service förnekande av tjänsten	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07626	0.03	CVE-2014-2216
6	Qualcomm 429 Mobile Platform Audio Effect Processing minneskorruption	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28570
7	Qualcomm 4 Gen 1 Mobile Platform IOE Firmware informationsgivning	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-28563
8	OpenSSL Non-prime Moduli BN_mod_sqrt förnekande av tjänsten	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01342	0.00	CVE-2022-0778
9	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.29	CVE-2017-0055
10	Linux Kernel audit.c aa_label_parse minneskorruption	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00566	0.04	CVE-2019-18814
11	Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun minneskorruption	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.00	CVE-2021-29657
12	cURL RTSP/RTP minneskorruption	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00507	0.00	CVE-2018-1000122
13	Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt minneskorruption	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00701	0.02	CVE-2019-18805
14	Linux Kernel Beacon Head nl80211.c validate_beacon_head minneskorruption	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00855	0.05	CVE-2019-16746
15	Linux Kernel wmi.c ath6kl_wmi_cac_event_rx informationsgivning	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01887	0.02	CVE-2019-15926
16	OpenSSH GSS2 auth-gss2.c Username informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00257	0.00	CVE-2018-15919
17	ZyXEL NAS weblogin.cgi privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96910	0.24	CVE-2020-9054
18	Acme Mini HTTPd Terminal privilegier eskalering	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
19	Samba call_trans2open EchoWrecker minneskorruption	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97040	0.02	CVE-2003-0201
20	IBM Lotus Domino Web Server Web Container cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00246	0.00	CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	23.111.184.119	zeus.hosterbox.com	DarkHotel	21/03/2022	verified	Hög
2	XX.XXX.X.XX	xxxxxxxxxxxx.xxx	Xxxxxxxxx	29/03/2022	verified	Hög
3	XX.XXX.XX.XX		Xxxxxxxxx	27/03/2022	verified	Hög
4	XXX.XXX.XXX.XX		Xxxxxxxxx	27/03/2022	verified	Hög
5	XXX.XXX.XXX.XXX	xxx.xxxxx-xxxx.xxx	Xxxxxxxxx	27/03/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-125, CWE-189, CWE-190, CWE-287, CWE-404, CWE-416, CWE-476, CWE-835	Unknown Vulnerability	predictive	Hög
2	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/uncpath/	predictive	Medium
2	File	account.asp	predictive	Medium
3	File	adv_remotelog.asp	predictive	Hög
4	File	arch/x86/kvm/svm/nested.c	predictive	Hög
5	File	xxxx-xxxx.x	predictive	Medium
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxxxx_xxx.xxx	predictive	Hög
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
9	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x	predictive	Hög
10	File	xxxxx.x	predictive	Låg
11	File	xxx/xxxxxx.xxx	predictive	Hög
12	File	xxx/xxxx/xxxxxx_xxx_xxxx.x	predictive	Hög
13	File	xxx/xxxxxxxx/xxxxxxx.x	predictive	Hög
14	File	xxxxxxxxxxxxx.xxx	predictive	Hög
15	File	xxxxxxxx.xxx	predictive	Medium
16	File	xxxxxxxx/xxxxxxxx/xxxxx.x	predictive	Hög
17	File	xxxxxxx.xxx	predictive	Medium
18	File	xxxxxxxx.xxx	predictive	Medium
19	Argument	xxxxxxxx	predictive	Medium
20	Argument	xxxxxx	predictive	Låg
21	Argument	xxxxxxx	predictive	Låg
22	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Hög
23	Argument	xxxxx_xxx	predictive	Medium
24	Argument	xx_xxxxxxxx	predictive	Medium
25	Argument	xxx_xxxx	predictive	Medium
26	Argument	xxxxxx_xxxx	predictive	Medium
27	Argument	xxxx	predictive	Låg
28	Argument	xxxxxxxxxxxxxxxx	predictive	Hög
29	Argument	xxxxxxxx	predictive	Medium
30	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Hög
31	Pattern	\|xx\|	predictive	Låg
32	Network Port	xxx/xxxx	predictive	Medium

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!