PowerPool Analysis

IOB - Indicator of Behavior (41)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en32
zh8
jp2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn22
us12
kr6
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MGB OpenSource Guestbook2
GitBook2
D-Link DIR-8422
PHP2
CouchDB2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1GitLab Community Edition/Enterprise Edition Image File Privilege Escalation6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.060.71078CVE-2021-22205
2Oracle Java SE Libraries unknown vulnerability5.95.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.02686CVE-2021-2161
3Nginx Autoindex Module integer overflow5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.060.01108CVE-2017-20005
4Juniper ScreenOS cryptographic issues7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.27336CVE-2015-7756
5jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.040.04499CVE-2019-7550
6Google Android System_server SkSwizzler.cpp onSetSampleX out-of-bounds write7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.01689CVE-2019-1986
7Appsmith List Widget cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.090.01055CVE-2022-39824
8XpressEngine XE Normal Button unrestricted upload5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2021-44912
9PHP SOAP Extension unserialize information disclosure8.17.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.06698CVE-2015-4600
10kube-rbac-proxy TLS Configuration risky encryption7.47.1$0-$5kCalculatingNot DefinedOfficial Fix0.050.01018CVE-2019-3818
11GitBook Stored cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2017-16019
12Oracle Java SE Libraries unknown vulnerability5.35.1$25k-$100k$5k-$25kNot DefinedOfficial Fix0.040.01537CVE-2021-2163
13PostgreSQL integer overflow5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00950CVE-2021-32027
14Nginx Open Source/Plus/Ingress Controller Resolver off-by-one5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.030.48051CVE-2021-23017
15D-Link DIR-842 protection mechanism3.13.0$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000.01136CVE-2021-27342
16Dan McDougall GateOne SSH Connection os command injection8.08.0$0-$5k$0-$5kNot DefinedUnavailable0.000.01055CVE-2020-20184
17D-Link DIR-610 command.php code injection7.57.4$5k-$25k$0-$5kNot DefinedWorkaround0.010.44855CVE-2020-9377
18Netty Whitespace request smuggling7.47.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.05732CVE-2019-16869
19Apache CouchDB HTTP API input validation6.76.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.07876CVE-2018-8007
20CouchDB HTTP API access control8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.040.05471CVE-2018-11769

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
127.102.106.149PowerPoolverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileautologin.cgipredictiveHigh
2Filecommand.phppredictiveMedium
3Filexxxxx.xxxpredictiveMedium
4Filexxxx/xxxxxxx.xxxpredictiveHigh
5Filexxxxxx.xpredictiveMedium
6Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
7Filexxxxxxxxxx.xxxpredictiveHigh
8ArgumentxxxpredictiveLow
9ArgumentxxxxxxxxxxxpredictiveMedium
10ArgumentxxpredictiveLow
11Input Value.%xx.../.%xx.../predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!