Dukes Analysis

IOB - Indicator of Behavior (189)

Note: the chart data in this view does not reflect real data. It is dummy data, distorted and not usable in any way; an additional purchase is needed to unlock the view with the real data.

Lang

en: 108
zh: 40
ja: 16
ru: 8
fr: 6

Country, Actors, Activities (Interest timeline, Type, Vendor): chart views only, not included here (dummy/paywalled data).

Product

Microsoft Windows: 8
Invision Power Services IP.Board: 6
Google Android: 4
Microsoft Internet Explorer: 4
WordPress: 4

Vulnerabilities

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price at disclosure and today; Exp = exploit availability; Rem = remediation status; EPSS = EPSS probability; CTI = CTI activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Hunkaray Duyuru Scripti oku.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00811 | 0.00 | CVE-2007-0688
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192
3 | Apache Flume JMS Source injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00249 | 0.00 | CVE-2022-34916
4 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.05 | CVE-2018-19464
5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.20 | CVE-2020-12440
6 | SourceCodester Human Resource Management System employeeadd.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00339 | 0.05 | CVE-2022-4278
7 | Bitrix Upload from Local Disk Feature restore.php unrestricted upload | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2022-29268
8 | OpenSSL AES OCB Mode missing encryption | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00675 | 0.05 | CVE-2022-2097
9 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00745 | 0.02 | CVE-2020-36326
10 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.04 | CVE-2017-12138
11 | Microsoft Windows RPC over HTTP Reply denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.16326 | 0.00 | CVE-2003-0807
12 | Apache Dubbo deserialization | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01607 | 0.00 | CVE-2022-39198
13 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.42 | -
14 | Planka Environment Variable environ path traversal | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.05 | CVE-2022-2653
15 | Invision Power Services IP.Board URL resource management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00210 | 0.00 | CVE-2015-6812
16 | Microsoft Windows SMB input validation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.96953 | 0.02 | CVE-2017-0144
17 | Openfind Mail2000 Attachment cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2024-6740
18 | Openfind Mail2000 cookie httponly flag | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.03 | CVE-2024-6741
19 | Poikosoft EZ CD Audio Converter Activation denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.16 | CVE-2024-0886
20 | Veeam Backup & Replication deserialization | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.96424 | 0.04 | CVE-2024-40711

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.45.66.134 | - | Dukes | - | 12/24/2020 | verified | Low
2 | 46.246.120.178 | - | Dukes | - | 12/24/2020 | verified | Low
3 | 50.7.192.146 | - | Dukes | - | 12/24/2020 | verified | Low
4 | 64.18.143.66 | - | Dukes | - | 12/24/2020 | verified | Low
5 | 66.29.115.55647807.ds.nac.net | (run together with the IP address in extraction; boundary not recoverable) | Dukes | - | 12/24/2020 | verified | Low
6 | 69.59.28.57 | - | Dukes | - | 12/24/2020 | verified | Low

Entries 7-27 are masked in the free view (IP address, hostname where present, and actor hidden); all were identified 12/24/2020 and are of type verified, with confidence Low except entries 7 and 26 (Very Low).

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (103)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/users.php?source=edit_user&id=1 | predictive | High
2 | File | /cdsms/classes/Master.php?f=delete_package | predictive | High
3 | File | /debug/pprof | predictive | Medium
4 | File | /forum/away.php | predictive | High
5 | File | /hrm/employeeadd.php | predictive | High
6 | File | /modules/profile/index.php | predictive | High
7 | File | /onvif/device_service | predictive | High
8 | File | /pro/repo-create.html | predictive | High
9 | File | /proc/self/environ | predictive | High
10 | File | /rest/project-templates/1.0/createshared | predictive | High
11 | File | /server-status | predictive | High
12 | File | /signup_script.php | predictive | High

Entries 13-103 are masked in the free view: 13-64 are further File indicators, 65-100 are Argument (parameter name) indicators, 101 is an Input Value (payload fragment), and 102-103 are Network Port indicators. All are of type predictive, with confidence ranging from Low to High.
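The IOC and IOA tables above are only useful once they are run against logs. The script below is an added example, not code from the vuldb page or from any Dukes dataset: it takes the unmasked IOC addresses and the unmasked File-class IOA fragments from the two tables and scans them over constructed access-log and firewall lines. The sample log lines, their timestamps, hostnames and non-IOC addresses are made up for the example; IOC entry 5 is left out because its IP address and hostname were run together during extraction. Indicators carrying a query string are matched on path plus parameter set (order-insensitive), and bare paths are matched as substrings of the double-percent-decoded request target so that a traversal payload still hits /proc/self/environ.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Unmasked IOC IP addresses from the IOC table on this page. Entry 5 is left
# out: its IP address and hostname were run together during extraction and the
# boundary cannot be recovered.
IOC_IPS = frozenset({
    "5.45.66.134",
    "46.246.120.178",
    "50.7.192.146",
    "64.18.143.66",
    "69.59.28.57",
})

# Unmasked File-class IOA indicators from the IOA table on this page.
IOA_FILES = (
    "/admin/users.php?source=edit_user&id=1",
    "/cdsms/classes/Master.php?f=delete_package",
    "/debug/pprof",
    "/forum/away.php",
    "/hrm/employeeadd.php",
    "/modules/profile/index.php",
    "/onvif/device_service",
    "/pro/repo-create.html",
    "/proc/self/environ",
    "/rest/project-templates/1.0/createshared",
    "/server-status",
    "/signup_script.php",
)

# Dotted quad that is not embedded in a longer dotted or numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Apache/nginx combined-format line: client - - [time] "METHOD target HTTP/x.y" ...
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
)


def _decode(target):
    """Return (decoded target, path, query params) after two rounds of
    percent-decoding, so double-encoded traversal (%252e%252e/) is normalised.
    A literal %25 in a legitimate URL is decoded too; acceptable for hunting."""
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    return decoded, parts.path, parse_qs(parts.query, keep_blank_values=True)


def ioa_matches(target):
    """Return the IOA file indicators that a request target matches.

    An indicator with a query string requires an exact path match and every
    listed parameter present with the same value (parameter order ignored).
    A bare path indicator matches anywhere in the decoded target, so
    ?f=../../proc/self/environ still hits /proc/self/environ.
    """
    decoded, path, params = _decode(target)
    hits = []
    for indicator in IOA_FILES:
        _, ipath, iparams = _decode(indicator)
        if iparams:
            if path == ipath and all(params.get(k) == v for k, v in iparams.items()):
                hits.append(indicator)
        elif ipath in decoded:
            hits.append(indicator)
    return hits


def scan(lines):
    """Yield (line_no, kind, indicator) for every IOC address seen in any line
    and every IOA file indicator seen in an access-log request target."""
    for line_no, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                yield line_no, "ioc-ip", ip
        match = ACCESS_RE.match(line)
        if match:
            for indicator in ioa_matches(match.group("target")):
                yield line_no, "ioa-file", indicator


def scan_text(text):
    """Scan a block of log text and return the hits as a list."""
    return list(scan(text.splitlines()))


# Constructed sample: four web access-log lines and two iptables-style firewall
# lines. Hosts, timestamps and non-IOC addresses are made up for this example.
SAMPLE_LOG = """\
10.0.0.7 - - [24/Dec/2020:10:15:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Dec/2020:10:15:04 +0000] "GET /admin/users.php?id=1&source=edit_user HTTP/1.1" 403 0 "-" "curl/7.64.0"
198.51.100.23 - - [24/Dec/2020:10:15:09 +0000] "GET /gallery.php?f=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" 500 0 "-" "curl/7.64.0"
50.7.192.146 - - [24/Dec/2020:10:16:30 +0000] "GET /server-status?auto HTTP/1.1" 200 2048 "-" "python-requests/2.25.1"
Dec 24 10:17:02 fw kernel: IN=eth0 OUT= SRC=5.45.66.134 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=443
Dec 24 10:17:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22
"""

if __name__ == "__main__":
    for line_no, kind, indicator in scan_text(SAMPLE_LOG):
        print(f"line {line_no}: {kind} {indicator}")
```

Run against the constructed sample this reports the reordered-parameter hit on line 2, the double-encoded traversal on line 3, both an IOC address and the /server-status probe on line 4, and the IOC address in the firewall line 5; the benign lines 1 and 6 stay quiet. The low confidence ratings in the IOC table (and "predictive" type in the IOA table) mean a hit is a lead to triage, not a verdict; correlate with the identified date and the request context before acting.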

References (3)

The three external sources which discuss the actor and the associated activities are shown only with CTI permissions and are not included in this view.