PcShare Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (26)

Cronología

Idioma

en22
de2
jp2

País

us26

Actores

PcShare2
Razy1
SystemBC1
Imperial Kitten1
Cobalt Strike1

Ocupaciones

Interesar

Cronología

Escribe

Solution Stack Software6
Not Defined6
Content Management System4
Mail Client Software2
Survey Software2

Proveedor

SAP8
Not Defined4
Castle Rock2
GNU2
Varnish2

Producto

SAP NetWeaver4
WordPress2
Castle Rock SNMPc Online2
GNU Mailman2
Varnish Cache2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1SAP NetWeaver AS JAVA Visual Composer com.sap.visualcomposer.BIKit.default XML External Entity7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.001830.00CVE-2017-8913
2SAP NetWeaver Visual Composer escalada de privilegios9.39.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.965070.02CVE-2021-38163
3Xunrui CMS main.html divulgación de información4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000960.05CVE-2023-1680
4Victor CMS login.php sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.001620.05CVE-2022-28060
5LimeSurvey LDAP Authentication Brute Force divulgación de información4.54.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001550.02CVE-2019-16180
6GNU Mailman Pipermail divulgación de información4.04.0$0-$5k$0-$5kNot DefinedNot Defined0.000420.02CVE-2002-0389
7OceanWP Plugin escalada de privilegios5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.05CVE-2023-23700
8Varnish Cache escalada de privilegios7.47.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001250.03CVE-2022-45059
9Swagger-UI Key Name cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002430.04CVE-2016-1000229
10akismet Plugin cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000780.03CVE-2015-9357
11TinyMCE Classic Editing Mode cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001150.00CVE-2020-12648
12WordPress REST API class-wp-rest-users-controller.php divulgación de información5.35.1$5k-$25k$0-$5kFunctionalOfficial Fix0.874100.03CVE-2017-5487
13SAP Solman caf~eu~gp~example~timeoff~wd divulgación de información6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.007870.00CVE-2016-10005
14SAP NetWeaver XML External Entity8.17.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.007680.00CVE-2015-7241
15SAP Knowledge Warehouse KW cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004250.03CVE-2021-42063
16SAP NetWeaver AS JAVA Query String UIUtilJavaScriptJS directory traversal7.06.8$5k-$25k$0-$5kHighWorkaround0.007150.03CVE-2017-12637
17Apache HTTP Server Path Normalization directory traversal7.37.0$5k-$25k$0-$5kHighOfficial Fix0.974620.00CVE-2021-41773
18Castle Rock SNMPc Online info.php4 divulgación de información6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.016400.00CVE-2020-11554
19Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información5.35.2$5k-$25kCalculadorHighWorkaround0.020160.02CVE-2007-1192
20MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.35CVE-2007-0354

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
145.32.181.4845.32.181.48.vultr.comPcShare2022-03-04verifiedMedio
2XXX.X.XXX.XXXXxxxxxx2022-03-04verifiedAlto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClaseVulnerabilidadVector de accesoEscribeConfianza
1T1006CAPEC-126CWE-22Path TraversalpredictiveAlto
2T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
6TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/dayrui/My/View/main.htmlpredictiveAlto
2File/includes/login.phppredictiveAlto
3Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
4Filexxxxx.xxxpredictiveMedio
5Filexxxx.xxxxpredictiveMedio
6Filexxx/xxxxxxx/xxx/xxxxxx/xxxxxxx/xxx.xxx.xxxxxxxxxxxxxx.xxxxx.xxxxxxxpredictiveAlto
7Filexxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxpredictiveAlto
8Filexxxxxxxxx/xxxxxxxxxx/xxx.xxx/xxx~xx~xx~xxxxxxx~xxxxxxx~xxpredictiveAlto
9Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveAlto
10ArgumentxxpredictiveBajo
11Argumentxxxx_xxxxpredictiveMedio

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!