PowerPool Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	34
zh	12
jp	2
ko	2

Country

CN: China	32
US: USA	10
KR: South Korea	6

Actors

PowerPool (Win ALPC Zero-day)	1
PlugX	1

Activities

Interest

Timeline

Type

Not Defined	14
Operating System	4
Router Operating System	4
Programming Language Software	4
Web Server	2

Vendor

Not Defined	16
Linux	4
Oracle	4
Juniper	2
Microsoft	2

Product

Linux Kernel	4
Oracle Java SE	4
Nginx	2
Appsmith	2
Juniper ScreenOS	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	GitLab Community Edition/Enterprise Edition Image File Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.97443	0.00	CVE-2021-22205
2	Oracle Java SE Libraries unknown vulnerability	5.9	5.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00353	0.07	CVE-2021-2161
3	Nginx Autoindex Module integer overflow	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01194	0.04	CVE-2017-20005
4	Juniper ScreenOS cryptographic issues	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.02583	0.00	CVE-2015-7756
5	jforum User input validation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.66	CVE-2019-7550
6	Google Android System_server SkSwizzler.cpp onSetSampleX out-of-bounds write	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00125	0.00	CVE-2019-1986
7	dnsmasq Port security check	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.04	CVE-2021-3448
8	Linux Kernel Netfilter nf_tables_api.c nft_verdict_init use after free	7.8	7.7	$5k-$25k	$0-$5k	High	Official Fix	0.00210	0.04	CVE-2024-1086
9	Oracle Agile PLM Security denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00066	0.04	CVE-2023-34624
10	Microsoft Azure DevOps Server unknown vulnerability	6.1	5.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00427	0.00	CVE-2021-28459
11	IBM Spectrum Scale GPFS Command Line Utility information disclosure	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00051	0.00	CVE-2018-1723
12	Microsoft Azure Stack Hub information disclosure	5.9	5.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00064	0.00	CVE-2024-20679
13	Apache Shiro API path traversal	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2023-34478
14	ZyXEL NAS326/NAS540 HTTP Request os command injection	9.8	9.6	$5k-$25k	$0-$5k	High	Official Fix	0.03006	0.00	CVE-2023-27992
15	Google Chrome V8 type confusion	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00231	0.00	CVE-2022-4174
16	Appsmith List Widget cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.00	CVE-2022-39824
17	XpressEngine XE Normal Button unrestricted upload	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-44912
18	PHP SOAP Extension unserialize information disclosure	8.1	7.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.06579	0.04	CVE-2015-4600
19	kube-rbac-proxy TLS Configuration risky encryption	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00363	0.00	CVE-2019-3818
20	GitBook Stored cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00077	0.00	CVE-2017-16019

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	27.102.106.149		PowerPool		05/31/2021	verified	Low

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
9	TXXXX	CAPEC-20	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	autologin.cgi	predictive	High
2	File	command.php	predictive	Medium
3	File	xxxxx.xxx	predictive	Medium
4	File	xxxx/xxxxxxx.xxx	predictive	High
5	File	xxxxxx.x	predictive	Medium
6	File	xxx/xxxxxxxxx/xx_xxxxxx_xxx.x	predictive	High
7	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
8	File	xxxxxxxxxx.xxx	predictive	High
9	Argument	xxx	predictive	Low
10	Argument	xxxxxxxxxxx	predictive	Medium
11	Argument	xx	predictive	Low
12	Input Value	.%xx.../.%xx.../	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!