POWERSHOWER Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (37)

Idioma

en	30
es	6
sv	2

País

us	24
ar	10
ca	2
ir	2

Actores

POWERSHOWER	4
TrickBot	1
IcedID Downloader	1

Interesar

Escribe

Not Defined	18
Content Management System	6
WordPress Plugin	2
Groupware Software	2
Network Attached Storage Software	2

Proveedor

Not Defined	14
Genivia	2
Umi	2
Allegro	2
DZCP	2

Producto

WordPress	4
Genivia gSOAP	2
FLDS	2
Bitrix24	2
Umi UMI.CMS	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	Calculador	High	Workaround	0.02016	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.38	CVE-2010-0966
3	GeoServer OGC sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.59299	0.04	CVE-2023-25157
4	Yoast SEO Plugin REST Endpoint posts divulgación de información	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.04	CVE-2021-25118
5	Sophos Firewall User Portal/Webadmin autenticación débil	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.97434	0.00	CVE-2022-1040
6	Apple Mac OS X Wiki Server directory traversal	8.8	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01068	0.00	CVE-2008-1000
7	Comersus Open Technologies Comersus Backoffice Lite default.asp sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.00	CVE-2005-0302
8	Apache HTTP Server mod_lua Multipart Parser r:parsebody desbordamiento de búfer	8.5	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.08808	0.00	CVE-2021-44790
9	Bitrix24 escalada de privilegios	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00521	0.02	CVE-2020-13484
10	Umi UMI.CMS Administrator Account cross site request forgery	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01099	0.05	CVE-2013-2754
11	Microsoft Exchange Server Remote Code Execution	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.71652	0.08	CVE-2021-26857
12	hostapd/wpa_supplicant EAP-PWD escalada de privilegios	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00735	0.00	CVE-2019-9499
13	QNAP QTS/QuTS Hero escalada de privilegios	5.5	5.3	$0-$5k	$0-$5k	High	Official Fix	0.00290	0.08	CVE-2020-2509
14	Apple M1 Register s3_5_c15_c10_1 M1RACLES escalada de privilegios	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.04	CVE-2021-30747
15	OpenEMR register.php autenticación débil	8.2	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04202	0.00	CVE-2018-15152
16	Kamailio REGISTER Message tmx_pretran.c tmx_check_pretran desbordamiento de búfer	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.13952	0.02	CVE-2018-8828
17	e-Quick Cart shopprojectlogin.asp sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
18	PHP Outburst Easynews admin.php desbordamiento de búfer	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.05921	0.04	CVE-2006-5412
19	Allegro RomPager desbordamiento de búfer	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.04618	0.00	CVE-2014-9223
20	TP-LINK TL-MR3220 Wireless MAC Filter cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00115	0.00	CVE-2017-15291

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	51.255.139.194	ip194.ip-51-255-139.eu	POWERSHOWER	2018-11-09	verified	Alto
2	XXX.XXX.XX.XXX	xxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	2018-11-09	verified	Alto
3	XXX.XXX.XX.XX	xxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	2018-11-09	verified	Alto
4	XXX.XXX.XXX.XXX		Xxxxxxxxxxx	2018-11-09	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	admin.php	predictive	Medio
2	File	C:\Windows\Temp\OLEACC.dll	predictive	Alto
3	File	data/gbconfiguration.dat	predictive	Alto
4	File	xxxxxxx.xxx	predictive	Medio
5	File	xxx/xxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxx/xxx_xxxxxxx.x	predictive	Alto
7	File	xxxxxx/xxxxxxx/xxxxxxxx.xxx	predictive	Alto
8	File	xxxxx.xxx	predictive	Medio
9	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	Alto
10	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxx.xxx	predictive	Bajo
12	File	xx/xx/xxxxx	predictive	Medio
13	Argument	xxxxxxxx	predictive	Medio
14	Argument	xxxxxxxxxxx	predictive	Medio
15	Argument	xx_xxxxx_xx	predictive	Medio
16	Argument	xx	predictive	Bajo
17	Argument	xxxxxxxxx	predictive	Medio
18	Argument	xxxx->xxxxxxx	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!