Dukes Analysis

IOB - Indicator of Behavior (181)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 92
zh: 52
ja: 12
ru: 6
sv: 6

Country

us: 66
cn: 60
ru: 20
id: 6
at: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
Apache HTTP Server: 6
Microsoft IIS: 4
QEMU: 4
WordPress: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Hunkaray Duyuru Scripti oku.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00811 | 0.00 | CVE-2007-0688
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | Apache Flume JMS Source injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.04 | CVE-2022-34916
4 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464
5 | SourceCodester Human Resource Management System employeeadd.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2022-4278
6 | Bitrix Upload from Local Disk Feature restore.php unrestricted upload | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.05 | CVE-2022-29268
7 | OpenSSL AES OCB Mode missing encryption | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00363 | 0.04 | CVE-2022-2097
8 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326
9 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.04 | CVE-2017-12138
10 | Microsoft Windows RPC over HTTP Reply denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.18175 | 0.03 | CVE-2003-0807
11 | Apache Dubbo deserialization | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01139 | 0.00 | CVE-2022-39198
12 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.70 |
13 | Planka Environment Variable environ path traversal | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2022-2653
14 | Invision Power Services IP.Board URL resource management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.02 | CVE-2015-6812
15 | MikroTik RouterOS Winbox improper authentication | 8.2 | 8.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97496 | 0.13 | CVE-2018-14847
16 | Drupal File Download access control | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-31250
17 | Mattermost API information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.02 | CVE-2022-2401
18 | Ecommerce-Website signup_script.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.00 | CVE-2022-45990
19 | Salon booking system cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-43487
20 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.15407 | 0.05 | CVE-2023-27997

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities: