DarkCracks, an advanced malicious payload & upgrade framework utilizing hacked GLPI and WordPress sites as intermediaries

· Published 04/09/2024 08:42 · Modified 04/09/2024 09:17

Essential information

Published
04/09/2024 08:42
Modified
04/09/2024 09:17
Tags
2024-09-04 darkcracks glpi infrastructure compromise malware framework quasarrat wordpress
Related entities
55 observables, 15 techniques (mitre), 2 malware, 3 others

Description

DarkCracks is a sophisticated malicious payload and upgrade framework that exploits compromised GLPI and WordPress sites as intermediaries for payload delivery and command and control. It collects sensitive information from infected devices, maintains long-term access to them, and uses the infected devices as nodes to control other devices or deliver malicious payloads while hiding the attacker's traces. The framework demonstrates high persistence, stealth, and a well-designed upgrade system. It targets critical infrastructure across several countries, including school websites, public transit systems, and prison visitor systems. The malware uses a three-layer URL polling mechanism for resilience and encrypts its components for protection. While highly effective at evading detection, it has weaknesses in its DGA implementation and C2 panel management that could potentially be leveraged to disrupt the network.

External references