PowerPool Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en38
zh6
ko4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn22
us16
kr6
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

PowerPool (Win ALPC Zero-day)1
PlugX1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Programming Language Software4
Cloud Software4
Forum Software2
Network Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
IBM4
Apache4
cloudwu2
Zabbix2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHP2
jforum2
cloudwu PBC2
Zabbix Server2
D-Link DIR-6102

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1GitLab Community Edition/Enterprise Edition Image File Privilege Escalation6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.010.97463CVE-2021-22205
2Oracle Java SE Libraries unknown vulnerability5.95.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.020.00249CVE-2021-2161
3Nginx Autoindex Module integer overflow5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00845CVE-2017-20005
4Juniper ScreenOS cryptographic issues7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.02583CVE-2015-7756
5jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00289CVE-2019-7550
6Google Android System_server SkSwizzler.cpp onSetSampleX out-of-bounds write7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00125CVE-2019-1986
7Microsoft Azure DevOps Server unknown vulnerability6.15.3$5k-$25k$0-$5kUnprovenOfficial Fix0.000.00427CVE-2021-28459
8IBM Spectrum Scale GPFS Command Line Utility information disclosure5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000.00051CVE-2018-1723
9Microsoft Azure Stack Hub information disclosure5.95.6$5k-$25k$0-$5kUnprovenOfficial Fix0.020.00073CVE-2024-20679
10Apache Shiro API path traversal8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00071CVE-2023-34478
11ZyXEL NAS326/NAS540 HTTP Request os command injection9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.02427CVE-2023-27992
12Google Chrome V8 type confusion7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.00177CVE-2022-4174
13Appsmith List Widget cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.040.00106CVE-2022-39824
14XpressEngine XE Normal Button unrestricted upload5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00058CVE-2021-44912
15PHP SOAP Extension unserialize information disclosure8.17.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.06579CVE-2015-4600
16kube-rbac-proxy TLS Configuration risky encryption6.26.1$0-$5kCalculatingNot DefinedOfficial Fix0.000.00430CVE-2019-3818
17GitBook Stored cross site scripting5.25.1$0-$5kCalculatingNot DefinedOfficial Fix0.000.00077CVE-2017-16019
18Oracle Java SE Libraries unknown vulnerability5.35.1$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00158CVE-2021-2163
19PostgreSQL integer overflow5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00543CVE-2021-32027
20Nginx Open Source/Plus/Ingress Controller Resolver off-by-one5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.030.58180CVE-2021-23017

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.102.106.149PowerPool05/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1059CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileautologin.cgipredictiveHigh
2Filecommand.phppredictiveMedium
3Filexxxxx.xxxpredictiveMedium
4Filexxxx/xxxxxxx.xxxpredictiveHigh
5Filexxxxxx.xpredictiveMedium
6Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
7Filexxxxxxxxxx.xxxpredictiveHigh
8ArgumentxxxpredictiveLow
9ArgumentxxxxxxxxxxxpredictiveMedium
10ArgumentxxpredictiveLow
11Input Value.%xx.../.%xx.../predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!