FIN12 Analysis

IOB - Indicator of Behavior (322)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 298
it: 8
zh: 4
ja: 4
sv: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 8
Apple macOS: 4
Dell EMC CloudLink: 4
Conti.Ransom: 4
Virtual Programming VP-ASP: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00326 | 0.05 | CVE-2005-1612
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.55 | CVE-2010-0966
4 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.08688 | 0.05 | CVE-2007-1167
5 | WordPress Media Attachment media-upload.php access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00598 | 0.02 | CVE-2012-6634
6 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00443 | 0.08 | CVE-2019-7550
7 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.15384 | 0.08 | CVE-2018-6200
8 | Devilz Clanportal File Upload | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04480 | 0.05 | CVE-2006-6338
9 | EQdkp dbal.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.12764 | 0.00 | CVE-2006-2256
10 | SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00102 | 0.08 | CVE-2024-7639
11 | UJCMS File unrestricted upload | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00088 | 0.00 | CVE-2023-51806
12 | Apple macOS Find My privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00070 | 0.05 | CVE-2023-40437
13 | Electron data authenticity | 5.8 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00115 | 0.00 | CVE-2023-44402
14 | Siemens Tecnomatix Plant Simulation PRT File heap-based overflow | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00084 | 0.00 | CVE-2023-37246
15 | starsoftcomm CooCare unrestricted upload | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00502 | 0.00 | CVE-2022-45988
16 | Google Chrome Blink Frames use after free | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00220 | 0.00 | CVE-2022-4438
17 | Apple macOS DriverKit memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00039 | 0.00 | CVE-2022-32942
18 | miniOrange Google Authenticator Plugin access control | 6.8 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00121 | 0.00 | CVE-2022-42461
19 | Cluster Statistics Plugin cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00047 | 0.00 | CVE-2022-45398
20 | Huawei HarmonyOS Power Module permission | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00072 | 0.00 | CVE-2022-44554

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 5.2.72.202 | pieterb.com | FIN12 | | 10/10/2021 | verified | Low

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | --- | ---
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /backups/ | predictive | Medium
2 | File | /config/getuser | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /includes/session.php | predictive | High
5 | File | /modules/admin/vw_usr_roles.php | predictive | High
6 | File | /modules/projects/vw_files.php | predictive | High
7 | File | /modules/public/calendar.php | predictive | High
8 | File | /ofrs/admin/?page=requests/view_request | predictive | High
9 | File | /pet_shop/classes/Master.php?f=delete_sub_category | predictive | High
10 | File | /services/details.asp | predictive | High
11 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | High
12 | File | /user/dls_download.php | predictive | High
13 | File | /_core/profile/ | predictive | High
14 | File | adclick.php | predictive | Medium
15 | File | additem.asp | predictive | Medium
16 | File | addsite.php | predictive | Medium
17 | File | admin/review.php | predictive | High
18 | File | AdvancedBluetoothDetailsHeaderController.java | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: