
DarkCracks, an advanced malicious payload & upgrade framework utilizing hacked GLPI and WordPress sites as intermediaries

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

DarkCracks is a sophisticated malware framework that uses compromised GLPI and WordPress sites as intermediaries for payload delivery and command and control. It collects sensitive information from infected devices, maintains long-term access to them, and uses the infected devices as nodes to control other devices or deliver malicious payloads while hiding the attacker's traces. The framework demonstrates high persistence, stealth, and a well-designed upgrade system. Its targets include critical infrastructure in several countries, including school websites, public transit systems, and prison visitor systems. The malware uses a three-layer URL polling mechanism for resilience and encrypts its components to protect them. While highly effective at evading detection, its DGA implementation and C2 panel management have weaknesses that could potentially be used to disrupt the network.

OPENCTI LABELS :

wordpress, quasarrat, darkcracks, malware framework, infrastructure compromise, glpi



