PowerDuke Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (48)

Idioma

en	48

País

cn	14
hu	14
be	10
us	8
tr	2

Actores

PowerDuke	2
APT29	1

Interesse

Tipo

Not Defined	14
Router Operating System	6
Operating System	6
Firewall Software	4
Content Management System	4

Fabricante

Microsoft	12
Juniper	6
Not Defined	4
Cisco	4
İstanbul Soft Informatics and Consultancy Limited ...	2

Produto

Juniper Junos	6
Microsoft Windows	6
UltraVNC	2
Cisco ASA	2
Microsoft Exchange Server	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Microsoft Windows LSA Remote Code Execution	8.1	7.4	$100k e mais	$5k-$25k	Unproven	Official Fix	0.90617	0.00	CVE-2022-26925
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
4	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
5	Softomi Advanced C2C Marketplace Software Injecção SQL	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.02	CVE-2023-6145
6	Microsoft Windows HTTP Request HTTP.sys direitos alargados	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97537	0.04	CVE-2015-1635
7	Lanap BotDetect Captcha Asp.net direitos alargados	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03404	0.02	CVE-2006-2918
8	Microsoft ASP.NET Core Kestrel Web Application direitos alargados	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02783	0.05	CVE-2018-0787
9	Red Hat WildFly Blacklist Filter File Divulgação de Informação	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.09817	0.00	CVE-2016-0793
10	CKeditor4 Instance Destroying Roteiro Cruzado de Sítios	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.02	CVE-2023-28439
11	SAP NetWeaver GetComputerSystem Divulgação de Informação	5.3	4.6	$5k-$25k	$0-$5k	High	Official Fix	0.03101	0.00	CVE-2013-3319
12	Microsoft Exchange Server Outlook Web Access logon.aspx direitos alargados	7.9	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00379	0.35	CVE-2018-16793
13	easyii CMS out Falsificação de Pedido Cross Site	4.3	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00102	0.09	CVE-2020-36534
14	easyii CMS File Upload Management Upload.php file direitos alargados	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00198	0.09	CVE-2022-3771
15	Microsoft ASP.NET Security Feature Fraca autenticação	7.4	7.2	$5k-$25k	Calculado	Not Defined	Official Fix	0.00424	0.04	CVE-2018-8171
16	Plesk Obsidian Login Page direitos alargados	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.07	CVE-2023-24044
17	Microsoft Windows Scripting Language Remote Code Execution	8.8	8.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.18647	0.03	CVE-2022-41128
18	QNAP QVR direitos alargados	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00160	0.04	CVE-2022-27588
19	Microsoft Windows User Profile Service Privilege Escalation	7.2	6.8	$25k-$100k	$5k-$25k	Functional	Official Fix	0.00102	0.03	CVE-2022-26904
20	Microsoft Windows Remote Desktop Protocol Remote Code Execution	8.8	8.1	$100k e mais	$5k-$25k	Unproven	Official Fix	0.01546	0.02	CVE-2022-21893

Campanhas (1)

These are the campaigns that can be associated with the actor:

PowerDuke

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	65.15.88.243	adsl-065-015-088-243.sip.asm.bellsouth.net	APT29	PowerDuke	12/12/2020	verified	Alto
2	81.82.196.162	d5152c4a2.static.telenet.be	APT29	PowerDuke	12/12/2020	verified	Alto
3	XX.XXX.XX.XXX	xxxxxxx.xxxx.xx	Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto
4	XXX.XXX.XX.X		Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto
5	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxxxxx.xxxxx	Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto
6	XXX.XX.XXX.XXX	xxxxxx.xxxx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto
7	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto
8	XXX.XXX.XXX.XX	xxxxxx.xxxxx.xxx	Xxxxx	Xxxxxxxxx	12/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/sign/out	predictive	Alto
2	File	/owa/auth/logon.aspx	predictive	Alto
3	File	/setup.cgi	predictive	Médio
4	File	xxxxxxxxxxxxx/xxx_xxxxxxxx.xxx	predictive	Alto
5	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxxxxx.xxx	predictive	Alto
7	File	xxxx.xxx	predictive	Médio
8	File	xxx/xxxxxx.xxx	predictive	Alto
9	Argument	xxxxxxxx	predictive	Médio
10	Argument	xxxx	predictive	Baixo
11	Argument	xx	predictive	Baixo
12	Argument	xxxxx	predictive	Baixo
13	Argument	xxxxxxxx	predictive	Médio
14	Input Value	/../	predictive	Baixo
15	Network Port	xxx/xxxx	predictive	Médio

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!