FIN12 Analysis

IOB - Indicator of Behavior (321)

Language

en: 300
it: 8
de: 4
zh: 4
pl: 2

Country/Region

us: 102
cn: 4

Product

Google Android: 8
dotProject: 6
Virtual Programming VP-ASP: 6
Dell EMC CloudLink: 6
Google Chrome: 6

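Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.21 | CVE-2005-1612 |
| 3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.15 | CVE-2010-0966 |
| 4 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.15 | CVE-2007-1167 |
| 5 | WordPress Media Attachment media-upload.php privilege escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00197 | 0.00 | CVE-2012-6634 |
| 6 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.03 | CVE-2019-7550 |
| 7 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.29 | CVE-2018-6200 |
| 8 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.07 | CVE-2006-6338 |
| 9 | EQdkp dbal.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.04 | CVE-2006-2256 |
| 10 | UJCMS File privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.04 | CVE-2023-51806 |
| 11 | Apple macOS Find My Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.03 | CVE-2023-40437 |
| 12 | Electron weak authentication | 5.8 | 5.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-44402 |
| 13 | Siemens Tecnomatix Plant Simulation PRT File memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.00 | CVE-2023-37246 |
| 14 | starsoftcomm CooCare privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-45988 |
| 15 | Google Chrome Blink Frames memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00420 | 0.00 | CVE-2022-4438 |
| 16 | Apple macOS DriverKit memory corruption | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00094 | 0.00 | CVE-2022-32942 |
| 17 | miniOrange Google Authenticator Plugin privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.00 | CVE-2022-42461 |
| 18 | Cluster Statistics Plugin unknown vulnerability | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.03 | CVE-2022-45398 |
| 19 | Huawei HarmonyOS Power Module privilege escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2022-44554 |
| 20 | Cisco FirePOWER Management Center privilege escalation | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2022-20925 |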

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |
| 6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | |
| 7 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | |
| 8 | TXXXX | CAPEC-150 | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | |
| 9 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | |
| 10 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | |
| 11 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | |
| 12 | TXXXX | CAPEC- | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | |
| 13 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | |
| 14 | TXXXX | CAPEC-102 | CWE-XXX | Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | |
| 15 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | |
| 16 | TXXXX | CAPEC-102 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | |
| 17 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | |
| 18 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | |
| 19 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | |
| 20 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | |
| 21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | |

IOA - Indicator of Attack (142)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /backups/ | predictive | |
| 2 | File | /config/getuser | predictive | |
| 3 | File | /forum/away.php | predictive | |
| 4 | File | /includes/session.php | predictive | |
| 5 | File | /modules/admin/vw_usr_roles.php | predictive | |
| 6 | File | /modules/projects/vw_files.php | predictive | |
| 7 | File | /modules/public/calendar.php | predictive | |
| 8 | File | /ofrs/admin/?page=requests/view_request | predictive | |
| 9 | File | /pet_shop/classes/Master.php?f=delete_sub_category | predictive | |
| 10 | File | /services/details.asp | predictive | |
| 11 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | |
| 12 | File | /user/dls_download.php | predictive | |
| 13 | File | /_core/profile/ | predictive | |
| 14 | File | adclick.php | predictive | |
| 15 | File | additem.asp | predictive | |
| 16 | File | addsite.php | predictive | |
| 17 | File | admin/review.php | predictive | |
| 18 | File | AdvancedBluetoothDetailsHeaderController.java | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
