PowerDuke Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (48)

Idioma

en	48

País

cn	12
be	10
us	10
hu	10
tr	6

Actores

PowerDuke	3
APT29	1

Interesar

Escribe

Operating System	10
Not Defined	10
Router Operating System	6
Smartphone Operating System	2
Content Management System	2

Proveedor

Microsoft	10
Juniper	6
Not Defined	6
Cisco	4
Samsung	2

Producto

Microsoft Windows	10
Juniper Junos	6
Samsung Galaxy S9	2
Ivan Cordoba Generic Content Management System	2
Symantec Backup Exec	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Microsoft Windows LSA Remote Code Execution	8.1	7.4	$100k y más	$5k-$25k	Unproven	Official Fix	0.90617	0.00	CVE-2022-26925
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
4	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.60	CVE-2010-0966
5	Softomi Advanced C2C Marketplace Software sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.02	CVE-2023-6145
6	Microsoft Windows HTTP Request HTTP.sys escalada de privilegios	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97537	0.02	CVE-2015-1635
7	Lanap BotDetect Captcha Asp.net escalada de privilegios	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03404	0.02	CVE-2006-2918
8	Microsoft ASP.NET Core Kestrel Web Application escalada de privilegios	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02783	0.03	CVE-2018-0787
9	Red Hat WildFly Blacklist Filter File divulgación de información	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.09817	0.00	CVE-2016-0793
10	CKeditor4 Instance Destroying cross site scripting	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00292	0.02	CVE-2023-28439
11	SAP NetWeaver GetComputerSystem divulgación de información	5.3	4.6	$5k-$25k	$0-$5k	High	Official Fix	0.03101	0.00	CVE-2013-3319
12	Microsoft Exchange Server Outlook Web Access logon.aspx escalada de privilegios	7.9	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00379	0.03	CVE-2018-16793
13	easyii CMS out cross site request forgery	4.3	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00102	0.00	CVE-2020-36534
14	easyii CMS File Upload Management Upload.php file escalada de privilegios	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00198	0.13	CVE-2022-3771
15	Microsoft ASP.NET Security Feature autenticación débil	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00424	0.04	CVE-2018-8171
16	Plesk Obsidian Login Page escalada de privilegios	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.02	CVE-2023-24044
17	Microsoft Windows Scripting Language Remote Code Execution	8.8	8.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.20433	0.03	CVE-2022-41128
18	QNAP QVR escalada de privilegios	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00160	0.04	CVE-2022-27588
19	Microsoft Windows User Profile Service Privilege Escalation	7.2	6.8	$25k-$100k	$5k-$25k	Functional	Official Fix	0.00102	0.03	CVE-2022-26904
20	Microsoft Windows Remote Desktop Protocol Remote Code Execution	8.8	8.1	$100k y más	$5k-$25k	Unproven	Official Fix	0.01480	0.02	CVE-2022-21893

Campañas (1)

These are the campaigns that can be associated with the actor:

PowerDuke

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	65.15.88.243	adsl-065-015-088-243.sip.asm.bellsouth.net	APT29	PowerDuke	2020-12-12	verified	Alto
2	81.82.196.162	d5152c4a2.static.telenet.be	APT29	PowerDuke	2020-12-12	verified	Alto
3	XX.XXX.XX.XXX	xxxxxxx.xxxx.xx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto
4	XXX.XXX.XX.X		Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto
5	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxxxxx.xxxxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto
6	XXX.XX.XXX.XXX	xxxxxx.xxxx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto
7	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto
8	XXX.XXX.XXX.XX	xxxxxx.xxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/admin/sign/out	predictive	Alto
2	File	/owa/auth/logon.aspx	predictive	Alto
3	File	/setup.cgi	predictive	Medio
4	File	xxxxxxxxxxxxx/xxx_xxxxxxxx.xxx	predictive	Alto
5	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxxxxx.xxx	predictive	Alto
7	File	xxxx.xxx	predictive	Medio
8	File	xxx/xxxxxx.xxx	predictive	Alto
9	Argument	xxxxxxxx	predictive	Medio
10	Argument	xxxx	predictive	Bajo
11	Argument	xx	predictive	Bajo
12	Argument	xxxxx	predictive	Bajo
13	Argument	xxxxxxxx	predictive	Medio
14	Input Value	/../	predictive	Bajo
15	Network Port	xxx/xxxx	predictive	Medio

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!