PowerDuke Analysis

IOB - Indicator of Behavior (36)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	36

Country

cn	14
be	8
hu	6
us	6
tr	2

Actors

PowerDuke	3
APT29	2

Activities

Interest

Timeline

Type

Not Defined	10
Router Operating System	8
Operating System	4
Firewall Software	4
Smartphone Operating System	2

Vendor

Juniper	8
Cisco	6
Microsoft	4
Not Defined	4
Canon	2

Product

Juniper Junos	8
Microsoft Windows	4
Cisco FirePOWER Management Center	4
Cisco Linksys WAG54GS	2
Canon Imagerunner 9070	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Microsoft Windows LSA Remote Code Execution	8.1	7.4	$100k and more	$5k-$25k	Unproven	Official Fix	0.07	0.02251	CVE-2022-26925
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.04	0.04187	CVE-2007-1192
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.03	0.01178	CVE-2022-37969
4	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.86	0.04187	CVE-2010-0966
5	Microsoft Windows Scripting Language Remote Code Execution	8.8	8.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.07	0.01601	CVE-2022-41128
6	QNAP QVR command injection	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00885	CVE-2022-27588
7	Microsoft Windows User Profile Service Privilege Escalation	7.2	6.8	$25k-$100k	$5k-$25k	Functional	Official Fix	0.03	0.08670	CVE-2022-26904
8	Microsoft Windows Remote Desktop Protocol Remote Code Execution	8.8	8.1	$100k and more	$5k-$25k	Unproven	Official Fix	0.03	0.01967	CVE-2022-21893
9	nginx ngx_http_mp4_module information disclosure	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.13	0.04714	CVE-2018-16845
10	sudo sudoers_policy_main heap-based overflow	8.3	8.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.58695	CVE-2021-3156
11	UltraVNC VNC Client memory corruption	6.8	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00954	CVE-2019-8269
12	Ivan Cordoba Generic Content Management System add_pictures.php cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00885	CVE-2018-20589
13	KeePass CSV Export injection	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00885	CVE-2019-20184
14	Cisco Linksys WAG54GS Admin Password Setting setup.cgi cross-site request forgery	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00000
15	Juniper Junos IGMP Packet denial of service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.03	0.01213	CVE-2014-0614
16	Samsung Galaxy S9 GameServiceReceiver Update code injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.01156	CVE-2019-6742
17	Huawei UTPS UTPS Service Query access control	6.0	5.4	$5k-$25k	Calculating	Proof-of-Concept	Official Fix	0.06	0.02042	CVE-2016-8769
18	Cisco FirePOWER Management Center Web Console File information disclosure	6.5	6.5	$5k-$25k	$0-$5k	High	Not Defined	0.00	0.76597	CVE-2016-6435
19	Cisco FirePOWER Management Center CLI improper authentication	7.8	7.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.01832	CVE-2016-6434
20	Technicolor DPC3928AD Port 4321 Service File information disclosure	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.05	0.08382	CVE-2017-11502

Campaigns (1)

These are the campaigns that can be associated with the actor:

PowerDuke

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	65.15.88.243	adsl-065-015-088-243.sip.asm.bellsouth.net	PowerDuke		verified	High
2	81.82.196.162	d5152c4a2.static.telenet.be	PowerDuke		verified	High
3	XX.XXX.XX.XXX	xxxxxxx.xxxx.xx	Xxxxx	Xxxxxxxxx	verified	High
4	XXX.XXX.XX.X		Xxxxxxxxx		verified	High
5	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxxxxx.xxxxx	Xxxxxxxxx		verified	High
6	XXX.XX.XXX.XXX	xxxxxx.xxxx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	verified	High
7	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxx		verified	High
8	XXX.XXX.XXX.XX	xxxxxx.xxxxx.xxx	Xxxxxxxxx		verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CWE-74	Injection	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/setup.cgi	predictive	Medium
2	File	Administrator/add_pictures.php	predictive	High
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
4	File	xxx/xxxxxx.xxx	predictive	High
5	Argument	xxxxxxxx	predictive	Medium
6	Argument	xx	predictive	Low
7	Argument	xxxxx	predictive	Low
8	Input Value	/../	predictive	Low
9	Network Port	xxx/xxxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!