PowerPool Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Sprache

en	32
zh	10
jp	4
ko	2

Land

cn	30
us	14
gb	2

Akteure

PowerPool (Win ALPC Zero-day)	1
PlugX	1

Interesse

Typ

Not Defined	16
Programming Language Software	6
Bug Tracking Software	4
Network Attached Storage Software	2
JavaScript Library	2

Hersteller

Not Defined	12
Oracle	4
Microsoft	4
Google	4
Atlassian	2

Produkt

Oracle Java SE	4
Atlassian JIRA	2
Dan McDougall GateOne	2
IBM Spectrum Scale	2
GitBook	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	GitLab Community Edition/Enterprise Edition Image File Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.97463	CVE-2021-22205
2	Oracle Java SE Libraries unbekannte Schwachstelle	5.9	5.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02	0.00249	CVE-2021-2161
3	Nginx Autoindex Module Pufferüberlauf	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00845	CVE-2017-20005
4	Juniper ScreenOS schwache Verschlüsselung	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.02583	CVE-2015-7756
5	jforum User erweiterte Rechte	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00289	CVE-2019-7550
6	Google Android System_server SkSwizzler.cpp onSetSampleX Pufferüberlauf	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00125	CVE-2019-1986
7	Microsoft Azure DevOps Server unbekannte Schwachstelle	6.1	5.3	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00427	CVE-2021-28459
8	IBM Spectrum Scale GPFS Command Line Utility Information Disclosure	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00051	CVE-2018-1723
9	Microsoft Azure Stack Hub Information Disclosure	5.9	5.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00073	CVE-2024-20679
10	Apache Shiro API Directory Traversal	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00071	CVE-2023-34478
11	ZyXEL NAS326/NAS540 HTTP Request erweiterte Rechte	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.02427	CVE-2023-27992
12	Google Chrome V8 erweiterte Rechte	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03	0.00177	CVE-2022-4174
13	Appsmith List Widget Cross Site Scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00106	CVE-2022-39824
14	XpressEngine XE Normal Button erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00058	CVE-2021-44912
15	PHP SOAP Extension unserialize Information Disclosure	8.1	7.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.06579	CVE-2015-4600
16	kube-rbac-proxy TLS Configuration schwache Verschlüsselung	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00430	CVE-2019-3818
17	GitBook Stored Cross Site Scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00077	CVE-2017-16019
18	Oracle Java SE Libraries unbekannte Schwachstelle	5.3	5.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00158	CVE-2021-2163
19	PostgreSQL Pufferüberlauf	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00543	CVE-2021-32027
20	Nginx Open Source/Plus/Ingress Controller Resolver Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.58180	CVE-2021-23017

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	27.102.106.149		PowerPool		31.05.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	autologin.cgi	prädiktiv	High
2	File	command.php	prädiktiv	Medium
3	File	xxxxx.xxx	prädiktiv	Medium
4	File	xxxx/xxxxxxx.xxx	prädiktiv	High
5	File	xxxxxx.x	prädiktiv	Medium
6	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	prädiktiv	High
7	File	xxxxxxxxxx.xxx	prädiktiv	High
8	Argument	xxx	prädiktiv	Low
9	Argument	xxxxxxxxxxx	prädiktiv	Medium
10	Argument	xx	prädiktiv	Low
11	Input Value	.%xx.../.%xx.../	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!