PowerDuke Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (48)

Język

en	48

Kraj

hu	14
tr	10
cn	10
us	8
be	6

Aktorzy

PowerDuke	2
APT29	2

Wysiłek

Rodzaj

Not Defined	12
Router Operating System	8
Firewall Software	4
Operating System	4
Web Server	2

Sprzedawca

Microsoft	8
Juniper	8
Cisco	4
Not Defined	4
Huawei	2

Produkt

Juniper Junos	8
Microsoft Windows	4
Cisco FirePOWER Management Center	2
Huawei UTPS	2
nginx	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Microsoft Windows LSA Remote Code Execution	8.1	7.6	$25k-$100k	$5k-$25k	High	Official Fix	0.90249	0.04	CVE-2022-26925
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Obliczenie	High	Workaround	0.02016	0.00	CVE-2007-1192
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.00125	0.00	CVE-2022-37969
4	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.38	CVE-2010-0966
5	Softomi Advanced C2C Marketplace Software sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2023-6145
6	Microsoft Windows HTTP Request HTTP.sys privilege escalation	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97540	0.07	CVE-2015-1635
7	Lanap BotDetect Captcha Asp.net privilege escalation	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03404	0.02	CVE-2006-2918
8	Microsoft ASP.NET Core Kestrel Web Application privilege escalation	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02783	0.00	CVE-2018-0787
9	Red Hat WildFly Blacklist Filter File information disclosure	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.09817	0.04	CVE-2016-0793
10	CKeditor4 Instance Destroying cross site scripting	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.02	CVE-2023-28439
11	SAP NetWeaver GetComputerSystem information disclosure	5.3	4.6	$5k-$25k	$0-$5k	High	Official Fix	0.03101	0.04	CVE-2013-3319
12	Microsoft Exchange Server Outlook Web Access logon.aspx privilege escalation	7.9	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00516	0.08	CVE-2018-16793
13	easyii CMS out cross site request forgery	4.3	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00102	0.04	CVE-2020-36534
14	easyii CMS File Upload Management Upload.php file privilege escalation	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00198	0.00	CVE-2022-3771
15	Microsoft ASP.NET Security Feature weak authentication	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00424	0.06	CVE-2018-8171
16	Plesk Obsidian Login Page privilege escalation	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.17	CVE-2023-24044
17	Microsoft Windows Scripting Language Remote Code Execution	8.8	8.5	$25k-$100k	$5k-$25k	High	Official Fix	0.18647	0.04	CVE-2022-41128
18	QNAP QVR privilege escalation	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00160	0.04	CVE-2022-27588
19	Microsoft Windows User Profile Service Privilege Escalation	7.2	6.9	$25k-$100k	$5k-$25k	High	Official Fix	0.00102	0.00	CVE-2022-26904
20	Microsoft Windows Remote Desktop Protocol Remote Code Execution	8.8	8.1	$100k i więcej	$5k-$25k	Unproven	Official Fix	0.01546	0.02	CVE-2022-21893

Kampanie (1)

These are the campaigns that can be associated with the actor:

PowerDuke

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	65.15.88.243	adsl-065-015-088-243.sip.asm.bellsouth.net	APT29	PowerDuke	2020-12-12	verified	Wysoki
2	81.82.196.162	d5152c4a2.static.telenet.be	APT29	PowerDuke	2020-12-12	verified	Wysoki
3	XX.XXX.XX.XXX	xxxxxxx.xxxx.xx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki
4	XXX.XXX.XX.X		Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki
5	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxxxxx.xxxxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki
6	XXX.XX.XXX.XXX	xxxxxx.xxxx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki
7	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki
8	XXX.XXX.XXX.XX	xxxxxx.xxxxx.xxx	Xxxxx	Xxxxxxxxx	2020-12-12	verified	Wysoki

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/admin/sign/out	predictive	Wysoki
2	File	/owa/auth/logon.aspx	predictive	Wysoki
3	File	/setup.cgi	predictive	Medium
4	File	xxxxxxxxxxxxx/xxx_xxxxxxxx.xxx	predictive	Wysoki
5	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
6	File	xxxxxxx/xxxxxx.xxx	predictive	Wysoki
7	File	xxxx.xxx	predictive	Medium
8	File	xxx/xxxxxx.xxx	predictive	Wysoki
9	Argument	xxxxxxxx	predictive	Medium
10	Argument	xxxx	predictive	Niski
11	Argument	xx	predictive	Niski
12	Argument	xxxxx	predictive	Niski
13	Argument	xxxxxxxx	predictive	Medium
14	Input Value	/../	predictive	Niski
15	Network Port	xxx/xxxx	predictive	Medium

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!