PcShare Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (26)

Zeitverlauf

Sprache

en22
jp2
de2

Land

us26

Akteure

PcShare2
Cobalt Strike1
Razy1
SystemBC1
Imperial Kitten1

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined10
Solution Stack Software6
Survey Software2
Knowledge Base Software2
WordPress Plugin2

Hersteller

SAP10
Not Defined6
MGB2
Thomas R. Pasawicz2
Castle Rock2

Produkt

SAP NetWeaver AS JAVA4
MGB OpenSource Guestbook2
SAP Solman2
LimeSurvey2
SAP NetWeaver2

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1SAP NetWeaver AS JAVA Visual Composer com.sap.visualcomposer.BIKit.default XML External Entity7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00183CVE-2017-8913
2SAP NetWeaver Visual Composer erweiterte Rechte9.39.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.96507CVE-2021-38163
3Xunrui CMS main.html Information Disclosure4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00074CVE-2023-1680
4Victor CMS login.php SQL Injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.040.00162CVE-2022-28060
5LimeSurvey LDAP Authentication Brute Force Information Disclosure4.54.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00155CVE-2019-16180
6GNU Mailman Pipermail Information Disclosure4.04.0$0-$5k$0-$5kNot DefinedNot Defined0.020.00042CVE-2002-0389
7OceanWP Plugin erweiterte Rechte5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00000CVE-2023-23700
8Varnish Cache erweiterte Rechte7.47.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00113CVE-2022-45059
9Swagger-UI Key Name Cross Site Scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00243CVE-2016-1000229
10akismet Plugin Cross Site Scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00078CVE-2015-9357
11TinyMCE Classic Editing Mode Cross Site Scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000.00115CVE-2020-12648
12WordPress REST API class-wp-rest-users-controller.php Information Disclosure5.35.1$5k-$25k$0-$5kFunctionalOfficial Fix0.150.87410CVE-2017-5487
13SAP Solman caf~eu~gp~example~timeoff~wd Information Disclosure6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00787CVE-2016-10005
14SAP NetWeaver XML External Entity8.17.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00768CVE-2015-7241
15SAP Knowledge Warehouse KW Cross Site Scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00418CVE-2021-42063
16SAP NetWeaver AS JAVA Query String UIUtilJavaScriptJS Directory Traversal7.06.8$5k-$25k$0-$5kHighWorkaround0.030.00648CVE-2017-12637
17Apache HTTP Server Path Normalization Directory Traversal7.36.8$25k-$100k$0-$5kFunctionalOfficial Fix0.030.97456CVE-2021-41773
18Castle Rock SNMPc Online info.php4 Information Disclosure6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01640CVE-2020-11554
19Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
20MGB OpenSource Guestbook email.php SQL Injection7.37.3$0-$5k$0-$5kHighUnavailable0.770.01302CVE-2007-0354

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
145.32.181.4845.32.181.48.vultr.comPcShare04.03.2022verifiziertMedium
2XXX.X.XXX.XXXXxxxxxx04.03.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-22Path TraversalprädiktivHigh
2T1059CWE-94Argument InjectionprädiktivHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxprädiktivHigh
4TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
6TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/dayrui/My/View/main.htmlprädiktivHigh
2File/includes/login.phpprädiktivHigh
3Filexxxx/xxxxxxxxxxxxxxx.xxxprädiktivHigh
4Filexxxxx.xxxprädiktivMedium
5Filexxxx.xxxxprädiktivMedium
6Filexxx/xxxxxxx/xxx/xxxxxx/xxxxxxx/xxx.xxx.xxxxxxxxxxxxxx.xxxxx.xxxxxxxprädiktivHigh
7Filexxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxprädiktivHigh
8Filexxxxxxxxx/xxxxxxxxxx/xxx.xxx/xxx~xx~xx~xxxxxxx~xxxxxxx~xxprädiktivHigh
9Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxprädiktivHigh
10ArgumentxxprädiktivLow
11Argumentxxxx_xxxxprädiktivMedium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!