DarkHotel 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

语言

en	32
ja	14
es	2
de	2

国家/地区

gb	28
jp	14
us	8

演员

DarkHotel	2

利益

类型

Not Defined	26
Web Server	4
Forum Software	2
Router Operating System	2
Operating System	2

供应商

Not Defined	10
ZyXEL	4
Edimax	2
Duware	2
Acme	2

产品

Edimax EW-7438RPn Mini v2	2
OctoPrint	2
Duware Duclassmate	2
Acme Mini HTTPd	2
libevent	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.57	0.00943	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor 内存损坏	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00077	CVE-2023-22388
4	libevent evdns.c name_parse 信息公开	8.5	8.2	$0-$5k	计算	Not Defined	Official Fix	0.00	0.00646	CVE-2016-10195
5	Fortinet FortiOS FortiManager Protocol Service 拒绝服务	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.07626	CVE-2014-2216
6	Qualcomm 429 Mobile Platform Audio Effect Processing 内存损坏	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.00043	CVE-2023-28570
7	Qualcomm 4 Gen 1 Mobile Platform IOE Firmware 信息公开	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00043	CVE-2023-28563
8	OpenSSL Non-prime Moduli BN_mod_sqrt 拒绝服务	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01342	CVE-2022-0778
9	Microsoft IIS 跨网站脚本	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00548	CVE-2017-0055
10	Linux Kernel audit.c aa_label_parse 内存损坏	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00566	CVE-2019-18814
11	Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun 内存损坏	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00276	CVE-2021-29657
12	cURL RTSP/RTP 内存损坏	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00507	CVE-2018-1000122
13	Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt 内存损坏	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00701	CVE-2019-18805
14	Linux Kernel Beacon Head nl80211.c validate_beacon_head 内存损坏	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00855	CVE-2019-16746
15	Linux Kernel wmi.c ath6kl_wmi_cac_event_rx 信息公开	8.2	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01887	CVE-2019-15926
16	OpenSSH GSS2 auth-gss2.c Username 信息公开	5.3	5.2	$5k-$25k	$5k-$25k	Not Defined	Workaround	0.00	0.00257	CVE-2018-15919
17	ZyXEL NAS weblogin.cgi 权限升级	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.96910	CVE-2020-9054
18	Acme Mini HTTPd Terminal 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00303	CVE-2009-4490
19	Samba call_trans2open EchoWrecker 内存损坏	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.02	0.97040	CVE-2003-0201
20	IBM Lotus Domino Web Server Web Container 跨网站脚本	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00246	CVE-2008-2410

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	23.111.184.119	zeus.hosterbox.com	DarkHotel	2022-03-21	verified	高
2	XX.XXX.X.XX	xxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-03-29	verified	高
3	XX.XXX.XX.XX		Xxxxxxxxx	2022-03-27	verified	高
4	XXX.XXX.XXX.XX		Xxxxxxxxx	2022-03-27	verified	高
5	XXX.XXX.XXX.XXX	xxx.xxxxx-xxxx.xxx	Xxxxxxxxx	2022-03-27	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059	CWE-94	Argument Injection	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/uncpath/	predictive	中
2	File	account.asp	predictive	中
3	File	adv_remotelog.asp	predictive	高
4	File	arch/x86/kvm/svm/nested.c	predictive	高
5	File	xxxx-xxxx.x	predictive	中
6	File	xxxxx.xxx	predictive	中
7	File	xxxxxxx_xxx.xxx	predictive	高
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
9	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x	predictive	高
10	File	xxxxx.x	predictive	低
11	File	xxx/xxxxxx.xxx	predictive	高
12	File	xxx/xxxx/xxxxxx_xxx_xxxx.x	predictive	高
13	File	xxx/xxxxxxxx/xxxxxxx.x	predictive	高
14	File	xxxxxxxxxxxxx.xxx	predictive	高
15	File	xxxxxxxx.xxx	predictive	中
16	File	xxxxxxxx/xxxxxxxx/xxxxx.x	predictive	高
17	File	xxxxxxx.xxx	predictive	中
18	File	xxxxxxxx.xxx	predictive	中
19	Argument	xxxxxxxx	predictive	中
20	Argument	xxxxxx	predictive	低
21	Argument	xxxxxxx	predictive	低
22	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	高
23	Argument	xxxxx_xxx	predictive	中
24	Argument	xx_xxxxxxxx	predictive	中
25	Argument	xxx_xxxx	predictive	中
26	Argument	xxxxxx_xxxx	predictive	中
27	Argument	xxxx	predictive	低
28	Argument	xxxxxxxxxxxxxxxx	predictive	高
29	Argument	xxxxxxxx	predictive	中
30	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	高
31	Pattern	\|xx\|	predictive	低
32	Network Port	xxx/xxxx	predictive	中

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!