PowerDuke Analysis

IOB - Indicator of Behavior (36)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

The Timeline, Country, Actors, Activities (Interest, Timeline), Type and Vendor charts carry no extractable data on this page; only the Lang and Product counts are recoverable.

Lang

  • en: 36

Product

  • Juniper Junos: 8
  • Microsoft Windows: 4
  • Cisco FirePOWER Management Center: 4
  • Cisco Linksys WAG54GS: 2
  • Canon Imagerunner 9070: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft Windows LSA Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.07 | 0.02251 | CVE-2022-26925
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
3 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01178 | CVE-2022-37969
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.86 | 0.04187 | CVE-2010-0966
5 | Microsoft Windows Scripting Language Remote Code Execution | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.07 | 0.01601 | CVE-2022-41128
6 | QNAP QVR command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-27588
7 | Microsoft Windows User Profile Service Privilege Escalation | 7.2 | 6.8 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.03 | 0.08670 | CVE-2022-26904
8 | Microsoft Windows Remote Desktop Protocol Remote Code Execution | 8.8 | 8.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01967 | CVE-2022-21893
9 | nginx ngx_http_mp4_module information disclosure | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | 0.04714 | CVE-2018-16845
10 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.58695 | CVE-2021-3156
11 | UltraVNC VNC Client memory corruption | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2019-8269
12 | Ivan Cordoba Generic Content Management System add_pictures.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-20589
13 | KeePass CSV Export injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2019-20184
14 | Cisco Linksys WAG54GS Admin Password Setting setup.cgi cross-site request forgery | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | 
15 | Juniper Junos IGMP Packet denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.01213 | CVE-2014-0614
16 | Samsung Galaxy S9 GameServiceReceiver Update code injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01156 | CVE-2019-6742
17 | Huawei UTPS UTPS Service Query access control | 6.0 | 5.4 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.06 | 0.02042 | CVE-2016-8769
18 | Cisco FirePOWER Management Center Web Console File information disclosure | 6.5 | 6.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.00 | 0.76597 | CVE-2016-6435
19 | Cisco FirePOWER Management Center CLI improper authentication | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01832 | CVE-2016-6434
20 | Technicolor DPC3928AD Port 4321 Service File information disclosure | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | 0.08382 | CVE-2017-11502

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PowerDuke

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CWE-74 | Injection | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | TXXXX.XXX | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | xxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /setup.cgi | predictive | Medium
2 | File | Administrator/add_pictures.php | predictive | High
3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
4 | File | xxx/xxxxxx.xxx | predictive | High
5 | Argument | xxxxxxxx | predictive | Medium
6 | Argument | xx | predictive | Low
7 | Argument | xxxxx | predictive | Low
8 | Input Value | /../ | predictive | Low
9 | Network Port | xxx/xxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
