FIN8 Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
These are the vulnerabilities that we have identified as researched, approached, or attacked.
Campaigns (1)
These are the campaigns that can be associated with the actor:
- Badhatch
IOC - Indicator of Compromise (10)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
---|---|---|---|---|---|---|---|
1 | 37.1.204.87 | FIN8 | 05/12/2022 | verified | Low | ||
2 | 37.10.71.215 | pewna-kamagra.pl | FIN8 | 12/27/2023 | verified | High | |
3 | XXX.XXX.XXX.XXX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxxxxxx | 05/31/2021 | verified | Low |
4 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | 08/26/2021 | verified | Low | |
5 | XXX.XXX.XXX.XXX | . | Xxxx | 05/12/2022 | verified | Low | |
6 | XXX.XXX.XX.XX | Xxxx | 08/03/2023 | verified | High | ||
7 | XXX.XX.XXX.XX | xx.xxxxxxxxxx.xxxxx.xxx | Xxxx | 08/03/2023 | verified | High | |
8 | XXX.XX.XXX.XXX | xxxxx.xxxxxxxxxx.xxx | Xxxx | Xxxxxxxx | 05/31/2021 | verified | Low |
9 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxxxxxx | 05/31/2021 | verified | Low |
10 | XXX.XX.XXX.XX | xxx-xx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxxxxxx | 05/31/2021 | verified | Low |
TTP - Tactics, Techniques, Procedures (25)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (268)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .travis.yml | predictive | Medium |
2 | File | /+CSCOE+/logon.html | predictive | High |
3 | File | /adfs/ls | predictive | Medium |
4 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High |
5 | File | /admin/add_ikev2.php | predictive | High |
6 | File | /admin/category_save.php | predictive | High |
7 | File | /admin/index2.html | predictive | High |
8 | File | /admin/list_ipAddressPolicy.php | predictive | High |
9 | File | /admin/manage_model.php | predictive | High |
10 | File | /admin/manage_user.php | predictive | High |
11 | File | /admin/search-vehicle.php | predictive | High |
12 | File | /admin/subject.php | predictive | High |
13 | File | /admin/system/dict/add.json?sqlid=system.dict.save | predictive | High |
14 | File | /admin/twitter.php | predictive | High |
15 | File | /api/v1/settings | predictive | High |
16 | File | /api/v1/toolbox/device/update/swap | predictive | High |
17 | File | /app/zentao/module/repo/model.php | predictive | High |
18 | File | /bin/httpd | predictive | Medium |
19 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High |
20 | File | /catalog/all-products | predictive | High |
21 | File | /cgi-bin/cstecgi.cgi | predictive | High |
22 | File | /cgi-bin/ExportSettings.sh | predictive | High |
23 | File | /cloudstore/ecode/setup/ecology_dev.zip | predictive | High |
24 | File | /com/esafenet/servlet/policy/HookService.java | predictive | High |
25 | File | /doctor/appointment-bwdates-reports-details.php | predictive | High |
26 | File | /edit-subject.php | predictive | High |
27 | File | /endpoint/add-user.php | predictive | High |
28 | File | /etc/postfix/sender_login | predictive | High |
29 | File | /etc/shadow.sample | predictive | High |
30 | File | /extensions/realestate/index.php/properties/list/list-with-sidebar/realties | predictive | High |
31 | File | /foms/routers/place-order.php | predictive | High |
32 | File | /forum/away.php | predictive | High |
33 | File | /xxxxxx/xxxxxxxxxxxxxxx | predictive | High |
34 | File | /xxxxxx/xxxxxxx | predictive | High |
35 | File | /xxxxxx/xxxxxxxxxxxxx | predictive | High |
36 | File | /xxxxxx/xxxxxxxxx | predictive | High |
37 | File | /xxxxxx/xxxxxxxxxxxxxxx | predictive | High |
38 | File | /xxxxxx/xxxxxxxxxxxxxx | predictive | High |
39 | File | /xxxxxx/xxxxxxxxxxxxx | predictive | High |
40 | File | /xxxx/xxxxxxx | predictive | High |
41 | File | /xxxxxx | predictive | Low |
42 | File | /xxxxxx.xxx | predictive | Medium |
43 | File | /xxxxx.xxx | predictive | Medium |
44 | File | /xxxxx.xxx/xxxxx | predictive | High |
45 | File | /xxxxx/xxxx/xxxx | predictive | High |
46 | File | /xxxxxx_xxx/xxxxxxx/xxxxxx/xxxxx/xxxxx.xxxx | predictive | High |
47 | File | /xxxxxx/xxxxxxxxxx.xxx | predictive | High |
48 | File | /xxxxx.xxx?x=xxxxx&x=xxxxx&x=xxxxxxx_xxxx | predictive | High |
49 | File | /xxxxx?xxxxxxx | predictive | High |
50 | File | /xxxxxxxxxxx.xxx/xxxxxxxx | predictive | High |
51 | File | /xxxxxx_xxxxxx.xxx | predictive | High |
52 | File | /xxxxxx_xxxxxxxx.xxx | predictive | High |
53 | File | /xxxxxx_xx.xxx | predictive | High |
54 | File | /xxxxxx_xxxx.xxx | predictive | High |
55 | File | /xxxxxxxxxxxxx.xx | predictive | High |
56 | File | /xxxxxxxxx.xxx | predictive | High |
57 | File | /xxx.xxx | predictive | Medium |
58 | File | /xxxxx.xxxx.xxx | predictive | High |
59 | File | /xxx/xxxx.xxx | predictive | High |
60 | File | /xxx/xxxxx/xxxxxx/xxxx_xxxxx.xxx | predictive | High |
61 | File | /xxxxx_xxxx_xxxxxxx.xxx | predictive | High |
62 | File | /xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
63 | File | /xxxxxxxx.xxx | predictive | High |
64 | File | /xxxxxxx/xxxxxx/xxxxxxx | predictive | High |
65 | File | /xxx/xxxxxxx/xxx | predictive | High |
66 | File | /xxxx/xxxxxxxxx/xxxx/xxxxxxxx | predictive | High |
67 | File | /xxxxxx.xxx | predictive | Medium |
68 | File | /xxxx.xxx | predictive | Medium |
69 | File | /xxxxxx.xx/_xxxx/xxxxx | predictive | High |
70 | File | /xxx/xxxx/xxxxxxxxxxxx?xxxxxxxx=xxxxx | predictive | High |
71 | File | /xxxxxxx/xxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
72 | File | /xxxxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
73 | File | /xxxxxxx/xxxxxxxxxxxxxx | predictive | High |
74 | File | /xxx/xxx/xxxxxxxx | predictive | High |
75 | File | /xxxxxxx.xx | predictive | Medium |
76 | File | /xxxx/xxxxxx_xxx.xxx | predictive | High |
77 | File | /xxxx_xxxx.xxx | predictive | High |
78 | File | xxx-xxxxxxxx.xxx | predictive | High |
79 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
80 | File | xxx_xxxxx_xxx_xxxx.xxx | predictive | High |
81 | File | xxxxx\xxxxxx.xxx | predictive | High |
82 | File | xxxx/xxxxx.xxx | predictive | High |
83 | File | xxxxxx/xx/xxxxxxxxxxxx.xx | predictive | High |
84 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
85 | File | xxx_xxxxxxxx.xx | predictive | High |
86 | File | xxxx_xxxx_xx.xx | predictive | High |
87 | File | xxxxxxx.xx | predictive | Medium |
88 | File | xxxx/xx_xxxx.x | predictive | High |
89 | File | xxxxx/xxxx/xxxx/xxxx.xx | predictive | High |
90 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
91 | File | xxx-xxx/xxxxxxx | predictive | High |
92 | File | xxxxxxxxxx.xxx | predictive | High |
93 | File | xxxxx.x | predictive | Low |
94 | File | xxxxx.xxx | predictive | Medium |
95 | File | xxx\xxxx\xxx\xxx\xxxxxxxxxxxxx\xxxxxxxxxxxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxxxx.xxxxx | predictive | High |
96 | File | xxxxxxxx.xxx | predictive | Medium |
97 | File | xxxxxxxx_xxxxxxxxxxxx.xxx | predictive | High |
98 | File | xxxxxxx/xxx/xxx/xxx_xxxxx.x | predictive | High |
99 | File | xxxxx.xxx | predictive | Medium |
100 | File | xxxxx.xxx | predictive | Medium |
101 | File | xxx/xxxxxxx/xxxxxxxxxxxxxx.x | predictive | High |
102 | File | xxx.xxx | predictive | Low |
103 | File | xxxx_xxxxxxxx.xxx | predictive | High |
104 | File | xx/xxxxx.x | predictive | Medium |
105 | File | xx/xxxxxxx.x | predictive | Medium |
106 | File | xxxxxxxxx.xxx | predictive | High |
107 | File | xxxxxxxxxxxx.xxx | predictive | High |
108 | File | xxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
109 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High |
110 | File | xxxx/xxxxx/xxxxxxx.xxx.xxx | predictive | High |
111 | File | xxxxx | predictive | Low |
112 | File | xxxxxxx/xxxxxxx.xxx.xxx | predictive | High |
113 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | High |
114 | File | xxxxx.xxx | predictive | Medium |
115 | File | xxxxxxx.xxx | predictive | Medium |
116 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High |
117 | File | xx.xxx | predictive | Low |
118 | File | xx/xxxxxx/xxxxxxxxxxx | predictive | High |
119 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
120 | File | xxx_xxx.xx | predictive | Medium |
121 | File | xxxxx.xxx | predictive | Medium |
122 | File | xxxxxxxxxxxx.xxx | predictive | High |
123 | File | xxxxxx.xxx | predictive | Medium |
124 | File | xxxxxx_xxxxxxxx.xxx | predictive | High |
125 | File | xxx_xxxxxx.x | predictive | Medium |
126 | File | xxx_xxxx.xxx | predictive | Medium |
127 | File | xxxxxxxxx.xxx | predictive | High |
128 | File | xxxxxxxx.xxx | predictive | Medium |
129 | File | xxxxx.xxxx.xxx | predictive | High |
130 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
131 | File | xxxxxxxxxxxx.xxx | predictive | High |
132 | File | xxx.xx | predictive | Low |
133 | File | xxx/xxxxxx_xxxx.xxx | predictive | High |
134 | File | xxxxxxx/xxx/xxxxxxx/xxxxxx/xxxx-xxxxxxxxxx/<xxxxxx>/xx.xxx | predictive | High |
135 | File | xxxxxxxx.xxx | predictive | Medium |
136 | File | xxxx-xxxxxxx.x | predictive | High |
137 | File | xxxxxxxx.xxx | predictive | Medium |
138 | File | xxxxxxxx_xx.xxx | predictive | High |
139 | File | xxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxx | predictive | High |
140 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
141 | File | xxx.xxxx | predictive | Medium |
142 | File | xxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
143 | File | xxxxxxxx/xxxxx/xxxxxxx.xx | predictive | High |
144 | File | xxxx.xxx | predictive | Medium |
145 | File | xxxxx_xxxx.xxx | predictive | High |
146 | File | xxxxx_xxxx.xxx | predictive | High |
147 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
148 | File | xxx/xxxx/xxxx/xxx/xxxxxxx/xxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxx.xxxx | predictive | High |
149 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxxxx/xxxxx/xxxxxx/xxxxxxxxxxx.xxxx | predictive | High |
150 | File | xxx/xxxx/xxxx/xxx/xxxxx/xxxxx/xxxx/xxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
151 | File | xxx/xxxxx.xxxx | predictive | High |
152 | File | xxxxxx_xxxxx.xxx | predictive | High |
153 | File | xxxxxxx-xxxxxxxx.xxx | predictive | High |
154 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
155 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
156 | File | xxxx-xxxxx.xxx | predictive | High |
157 | File | xxxx-xxxxxxxx.xxx | predictive | High |
158 | File | xxx.x | predictive | Low |
159 | File | xxxxxxxxx/xx_xxxxxxxxx.xxx | predictive | High |
160 | File | xxxx_xxxxxx.xxx | predictive | High |
161 | File | xxxx_xxxx.xxx | predictive | High |
162 | File | xxxx_xxxx_xxxx.xxx | predictive | High |
163 | File | xxxxxxxxx.xxx | predictive | High |
164 | File | xx-xxxx.xxx | predictive | Medium |
165 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
166 | File | xx-xxxxx.xxx | predictive | Medium |
167 | File | xxxxxxxx.x | predictive | Medium |
168 | File | \xxx\xxx\xxxxxxxxxxx\xxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High |
169 | File | __xxx/xxxxxxxx/xxxxxx/xxxx/xxxxxx-xxxx?xxxxxx_xxxx=xxxx | predictive | High |
170 | Library | xxx/xxxx_xxxxx.x | predictive | High |
171 | Argument | $_xxxx['xxxxxxxxx'] | predictive | High |
172 | Argument | xxxxxxx | predictive | Low |
173 | Argument | xxx | predictive | Low |
174 | Argument | xxxxxxxx | predictive | Medium |
175 | Argument | xxxxxxxxxx | predictive | Medium |
176 | Argument | xxxxx | predictive | Low |
177 | Argument | xxxxxxx_xx | predictive | Medium |
178 | Argument | xxx | predictive | Low |
179 | Argument | xxxxxxxx | predictive | Medium |
180 | Argument | xxx | predictive | Low |
181 | Argument | xxxxx | predictive | Low |
182 | Argument | xxxxxx | predictive | Low |
183 | Argument | xxxxx | predictive | Low |
184 | Argument | xxxxxxxxxx | predictive | Medium |
185 | Argument | xxxx_xxxxx | predictive | Medium |
186 | Argument | xx | predictive | Low |
187 | Argument | xxxxxxxx | predictive | Medium |
188 | Argument | xxxxx | predictive | Low |
189 | Argument | xxxx | predictive | Low |
190 | Argument | xxxx | predictive | Low |
191 | Argument | xxxxxxxx | predictive | Medium |
192 | Argument | xxxxxxxx | predictive | Medium |
193 | Argument | xxxxx | predictive | Low |
194 | Argument | xxxxxxxxxxxxxxxxxxxxxx | predictive | High |
195 | Argument | xxxxx_xxxx_xxxx | predictive | High |
196 | Argument | xxxxxx | predictive | Low |
197 | Argument | xxxxxxxx/xxxxxx | predictive | High |
198 | Argument | xxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxx | predictive | High |
199 | Argument | xxxxxxx | predictive | Low |
200 | Argument | xxxxxxx | predictive | Low |
201 | Argument | xxxxxx | predictive | Low |
202 | Argument | xxxx | predictive | Low |
203 | Argument | xxxxxxx/xxxxxxx | predictive | High |
204 | Argument | xxx | predictive | Low |
205 | Argument | xx | predictive | Low |
206 | Argument | xx | predictive | Low |
207 | Argument | xxxxxx/xxxx/xxxx/xxxxxx | predictive | High |
208 | Argument | xxx_xxx | predictive | Low |
209 | Argument | xxxx | predictive | Low |
210 | Argument | xxxxxx/xx_xxxxxxxxx | predictive | High |
211 | Argument | xxxxxxxx[xx] | predictive | Medium |
212 | Argument | xxxx | predictive | Low |
213 | Argument | xxx | predictive | Low |
214 | Argument | xxx | predictive | Low |
215 | Argument | xxxxxxxxxx | predictive | Medium |
216 | Argument | xx_xxxxxx_xxxxxxxxxxxx | predictive | High |
217 | Argument | xx_xxxxx | predictive | Medium |
218 | Argument | xxxx | predictive | Low |
219 | Argument | xxxx/xxxxxx/xxxxxxx | predictive | High |
220 | Argument | xxxxxxxxxxx | predictive | Medium |
221 | Argument | xxxxxx | predictive | Low |
222 | Argument | xxxx | predictive | Low |
223 | Argument | xxxxxx | predictive | Low |
224 | Argument | xxxxx | predictive | Low |
225 | Argument | xxxxxxxx | predictive | Medium |
226 | Argument | xxxxxxxx | predictive | Medium |
227 | Argument | xxxx | predictive | Low |
228 | Argument | xxxx | predictive | Low |
229 | Argument | xxxx | predictive | Low |
230 | Argument | xxxxx | predictive | Low |
231 | Argument | xxxxxxxx | predictive | Medium |
232 | Argument | xxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxx | predictive | High |
233 | Argument | xxxxxxxx | predictive | Medium |
234 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
235 | Argument | xxxxxxxxxxxxx | predictive | High |
236 | Argument | xxxxxxxxxx | predictive | Medium |
237 | Argument | xxx_xxx_xx | predictive | Medium |
238 | Argument | xxxxxxxxx | predictive | Medium |
239 | Argument | xxx['xxx_xxxxxxx']/xxx['xxx_xxxx'] | predictive | High |
240 | Argument | xxxxxx | predictive | Low |
241 | Argument | xxxxxxxxxxxxxxx | predictive | High |
242 | Argument | xxxx | predictive | Low |
243 | Argument | xxx | predictive | Low |
244 | Argument | xxxx/xxxx/xxxx/xxxx/xxxxx | predictive | High |
245 | Argument | xxxxxxxxxxx_xx | predictive | High |
246 | Argument | xxxx | predictive | Low |
247 | Argument | xxxxx | predictive | Low |
248 | Argument | xxxxx | predictive | Low |
249 | Argument | xxxxxxxx | predictive | Medium |
250 | Argument | xxxxxxxxxxx | predictive | Medium |
251 | Argument | xxxxxx/xxxxxxx-xxxxxxx | predictive | High |
252 | Argument | xxx | predictive | Low |
253 | Argument | xxx | predictive | Low |
254 | Argument | xxxx | predictive | Low |
255 | Argument | xxxxxxxx | predictive | Medium |
256 | Argument | xxxxxxxx | predictive | Medium |
257 | Argument | xxxxxx/xxxxxxxx/xxxxxxxxx/xxx/xxxxxxxxxxx/xxxxxxxxxx | predictive | High |
258 | Argument | xxx_xxx | predictive | Low |
259 | Argument | xxxx/xxxxx/xxx/xxxx/xxxxxx | predictive | High |
260 | Argument | __xxxxxx | predictive | Medium |
261 | Input Value | x%xxxxx%xxx=x%xxxxxxx%xxxxxxxx%xxx,x,x,x,x,x,x,xxxx(),xxxxxxxx()--+ | predictive | High |
262 | Input Value | xxxxxxxxx\xxxxx -x xxxxxxxxxx | predictive | High |
263 | Input Value | <xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High |
264 | Input Value | xxxxxxx -xxx | predictive | Medium |
265 | Input Value | []xxxxxx{}/x["xxx"] | predictive | High |
266 | Input Value | \xxx\xxx | predictive | Medium |
267 | Network Port | xxx/xx (xxxx) | predictive | High |
268 | Network Port | xxx | predictive | Low |
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.morphisec.com/security-alert-fin8-is-back
- xxxxx://xxxxxxxxxxxxxxxx.xxxxxxxxxxx.xxx/xxxx-xxxx-xxxx-x-xxxx-xxxxxx-x-xxxxxxxx-xxxxxxxxxxxxx
- xxxxx://xxxxxxxxx.xxx/xxxx/xxxxxxx-x-xxxxx-xx-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xx-x-xxxxx-xxxxxxxxxx-xxxxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/x/xxxx
- xxxxx://xxxx.xxxxxxxx.xx/xxxxxxx/xxxx/xxxx/xxxx.xx.xx/xxxxxxxx.xxx