FIN12 Analysis

IOB - Indicator of Behavior (321)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 300
it: 8
de: 4
ja: 4
sv: 2


Country

us: 102
cn: 2


[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Huawei Smartphone: 6
Dell EMC CloudLink: 6
dotProject: 6
Google Android: 6
Indexu: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2005-1612 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.94 | CVE-2010-0966 |
| 4 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.56 | CVE-2007-1167 |
| 5 | WordPress Media Attachment media-upload.php access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00157 | 0.03 | CVE-2012-6634 |
| 6 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 7 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.34 | CVE-2018-6200 |
| 8 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.04 | CVE-2006-6338 |
| 9 | EQdkp dbal.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.02 | CVE-2006-2256 |
| 10 | UJCMS File unrestricted upload | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2023-51806 |
| 11 | Apple macOS Find My Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2023-40437 |
| 12 | Electron data authenticity | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-44402 |
| 13 | Siemens Tecnomatix Plant Simulation PRT File heap-based overflow | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.00 | CVE-2023-37246 |
| 14 | starsoftcomm CooCare unrestricted upload | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.03 | CVE-2022-45988 |
| 15 | Google Chrome Blink Frames use after free | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00299 | 0.09 | CVE-2022-4438 |
| 16 | Apple macOS DriverKit memory corruption | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.00 | CVE-2022-32942 |
| 17 | miniOrange Google Authenticator Plugin access control | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-42461 |
| 18 | Cluster Statistics Plugin cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.06 | CVE-2022-45398 |
| 19 | Huawei HarmonyOS Power Module permission | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2022-44554 |
| 20 | Cisco FirePOWER Management Center command injection | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2022-20925 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (142)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
