PcShare Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (26)

Język

en	22
zh	2
de	2

Kraj

us	24
cn	2

Aktorzy

PcShare	1
Razy	1
SystemBC	1
Imperial Kitten	1

Wysiłek

Rodzaj

Not Defined	6
Solution Stack Software	4
Content Management System	2
Survey Software	2
Mail Client Software	2

Sprzedawca

SAP	6
Not Defined	6
Varnish	2
Xunrui	2
GNU	2

Produkt

Varnish Cache	2
Xunrui CMS	2
SAP NetWeaver	2
LimeSurvey	2
GNU Mailman	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	CTI	EPSS	CVE
1	SAP NetWeaver AS JAVA Visual Composer com.sap.visualcomposer.BIKit.default XML External Entity	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00183	CVE-2017-8913
2	SAP NetWeaver Visual Composer privilege escalation	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.96507	CVE-2021-38163
3	Xunrui CMS main.html information disclosure	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00074	CVE-2023-1680
4	Victor CMS login.php sql injection	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00162	CVE-2022-28060
5	LimeSurvey LDAP Authentication Brute Force information disclosure	4.5	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00155	CVE-2019-16180
6	GNU Mailman Pipermail information disclosure	4.0	4.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00042	CVE-2002-0389
7	OceanWP Plugin privilege escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00000	CVE-2023-23700
8	Varnish Cache privilege escalation	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00113	CVE-2022-45059
9	Swagger-UI Key Name cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00243	CVE-2016-1000229
10	akismet Plugin cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00078	CVE-2015-9357
11	TinyMCE Classic Editing Mode cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00115	CVE-2020-12648
12	WordPress REST API class-wp-rest-users-controller.php information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Functional	Official Fix	0.00	0.87410	CVE-2017-5487
13	SAP Solman caf~eu~gp~example~timeoff~wd information disclosure	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00787	CVE-2016-10005
14	SAP NetWeaver XML External Entity	8.1	7.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00768	CVE-2015-7241
15	SAP Knowledge Warehouse KW cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00418	CVE-2021-42063
16	SAP NetWeaver AS JAVA Query String UIUtilJavaScriptJS directory traversal	7.0	6.8	$5k-$25k	$0-$5k	High	Workaround	0.03	0.00648	CVE-2017-12637
17	Apache HTTP Server Path Normalization directory traversal	7.3	6.8	$25k-$100k	$0-$5k	Functional	Official Fix	0.03	0.97462	CVE-2021-41773
18	Castle Rock SNMPc Online info.php4 information disclosure	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01640	CVE-2020-11554
19	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
20	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.31	0.01302	CVE-2007-0354

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	45.32.181.48	45.32.181.48.vultr.com	PcShare		2022-03-04	verified	Medium
2	XXX.X.XXX.XXX		Xxxxxxx		2022-03-04	verified	Wysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/dayrui/My/View/main.html	predictive	Wysoki
2	File	/includes/login.php	predictive	Wysoki
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
4	File	xxxxx.xxx	predictive	Medium
5	File	xxxx.xxxx	predictive	Medium
6	File	xxx/xxxxxxx/xxx/xxxxxx/xxxxxxx/xxx.xxx.xxxxxxxxxxxxxx.xxxxx.xxxxxxx	predictive	Wysoki
7	File	xxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx	predictive	Wysoki
8	File	xxxxxxxxx/xxxxxxxxxx/xxx.xxx/xxx~xx~xx~xxxxxxx~xxxxxxx~xx	predictive	Wysoki
9	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Wysoki
10	Argument	xx	predictive	Niski
11	Argument	xxxx_xxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!