FIN8 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en126
zh126
ru100
ja86
pl84

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

RU: Russia102
PL: Poland84
ES: Spain76
CN: China74
FR: France74

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Rhadamanthys1
RedLine Stealer1
Stealc1
Storm-05581
Clop1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined100
WordPress Plugin34
Content Management System8
Operating System6
Groupware Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined60
Tenda20
Microsoft12
ISC4
Kashipara4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Tenda W15E10
MailCleaner6
OpenSSH4
Microsoft Windows4
Kashipara Online Furniture Shopping Ecommerce Webs ...4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apryse WebViewer PDF Document cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.05CVE-2024-4327
2MailCleaner Email os command injection9.89.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.14CVE-2024-3191
3osCommerce all-products cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000650.05CVE-2024-4348
4MailCleaner Admin Interface cross site scripting5.85.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.05CVE-2024-3192
5SourceCodester Pisay Online E-Learning System controller.php unrestricted upload7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.00CVE-2024-4349
6MailCleaner Admin Endpoints os command injection8.88.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.09CVE-2024-3193
7BloomPixel Max Addons Pro for Bricks Plugin authorization6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000430.08CVE-2024-32951
8Extend Themes Teluro Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.05CVE-2024-33688
9Elementor ImageBox Plugin cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-3074
10Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.088080.05CVE-2021-44790
11Dell Wyse Proprietary OS Telemetry Dashboard information disclosure4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.04CVE-2024-28963
12Apache Parquet Parquet-MR denial of service3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000860.00CVE-2021-41561
13Foliovision FV Flowplayer Video Player Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.03CVE-2024-32955
14Dell Repository Manager API Module improper authorization8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.04CVE-2024-28976
15Jegstudio Financio Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.03CVE-2024-33690
16ThemeNcode Fan Page Widget by Plugin cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33695
17AnnounceKit Plugin cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-3023
18Repute Infosystems ARMember Plugin authorization7.87.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-32948
19Dell Repository Manager Logger Module improper authorization3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-28977
20Pavex Embed Google Photos Album Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-32775

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Badhatch

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
137.1.204.87FIN805/12/2022verifiedMedium
237.10.71.215pewna-kamagra.plFIN812/27/2023verifiedVery High
3XXX.XXX.XXX.XXXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxxXxxxxxxx05/31/2021verifiedLow
4XXX.XXX.XXX.XXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxx08/26/2021verifiedMedium
5XXX.XXX.XXX.XXX.Xxxx05/12/2022verifiedMedium
6XXX.XXX.XX.XXXxxx08/03/2023verifiedVery High
7XXX.XX.XXX.XXxx.xxxxxxxxxx.xxxxx.xxxXxxx08/03/2023verifiedVery High
8XXX.XX.XXX.XXXxxxxx.xxxxxxxxxx.xxxXxxxXxxxxxxx05/31/2021verifiedLow
9XXX.XXX.XXX.XXxxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxxxXxxxxxxx05/31/2021verifiedLow
10XXX.XX.XXX.XXxxx-xx-xxx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxXxxxxxxx05/31/2021verifiedLow

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-102CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-37CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHigh
2File/catalog/all-productspredictiveHigh
3File/changePasswordpredictiveHigh
4File/forum/away.phppredictiveHigh
5File/goform/addIpMacBindpredictiveHigh
6File/goform/DelDhcpRulepredictiveHigh
7File/goform/delIpMacBindpredictiveHigh
8File/goform/DelPortMappingpredictiveHigh
9File/goform/modifyDhcpRulepredictiveHigh
10File/goform/modifyIpMacBindpredictiveHigh
11File/goform/setBlackRulepredictiveHigh
12File/xxxxxx/xxxxxxxxxxpredictiveHigh
13File/xxxxxx/xxxxxxxxxpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
19File/xxxxxxxxxxx.xxx/xxxxxxxxpredictiveHigh
20File/xxxxxx_xx.xxxpredictiveHigh
21File/xxx.xxxpredictiveMedium
22File/xxxxx.xxxx.xxxpredictiveHigh
23File/xxxxxxxx.xxxpredictiveHigh
24File/xxx/xxxxxxx/xxxpredictiveHigh
25File/xxxxxx.xx/_xxxx/xxxxxpredictiveHigh
26File/xxxxxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
27File/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
28File/xxxx/xxxxxx_xxx.xxxpredictiveHigh
29Filexxxxxxx.xxpredictiveMedium
30Filexxxxx/xxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexx/xxxxxxx.xpredictiveMedium
33Filexxxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
35Filexxxxxxx.xxxpredictiveMedium
36Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
37Filexx.xxxpredictiveLow
38Filexx/xxxxxx/xxxxxxxxxxpredictiveHigh
39Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
40Filexxxxx.xxxpredictiveMedium
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxx.xxxx.xxxpredictiveHigh
43Filexxx.xxpredictiveLow
44Filexxxxxxxx.xxxpredictiveMedium
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxxxxxx_xx.xxxpredictiveHigh
47Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
49Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
50Filexxxx-xxxxx.xxxpredictiveHigh
51Filexxxx-xxxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxx/xx_xxxxxxxxx.xxxpredictiveHigh
53Argumentxxxxx_xxxxxpredictiveMedium
54ArgumentxxxxxxxxxxxxxpredictiveHigh
55ArgumentxxxpredictiveLow
56ArgumentxxxxxxxxxpredictiveMedium
57ArgumentxxxxxpredictiveLow
58ArgumentxxxxxxxxxxxxpredictiveMedium
59ArgumentxxxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxpredictiveLow
61ArgumentxxpredictiveLow
62ArgumentxxxxxxxxpredictiveMedium
63ArgumentxxxxpredictiveLow
64ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
65Argumentxx/xxxxpredictiveLow
66ArgumentxxxxxxxpredictiveLow
67ArgumentxxpredictiveLow
68ArgumentxxpredictiveLow
69ArgumentxxxxxxxxxxxxxxpredictiveHigh
70ArgumentxxxxxxxxxxxxxpredictiveHigh
71Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
72ArgumentxxxxxxxxxxpredictiveMedium
73ArgumentxxxxxxxxxxxxpredictiveMedium
74Argumentxx_xxxxxx_xxxxxxxxxxxxpredictiveHigh
75Argumentxx_xxxxxpredictiveMedium
76ArgumentxxxxpredictiveLow
77Argumentxxxx/xxxxxx/xxxxxxxpredictiveHigh
78ArgumentxxxxxxxxxxxpredictiveMedium
79ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
80Argumentxxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxxpredictiveHigh
81ArgumentxxxxxxpredictiveLow
82ArgumentxxxxxxxxpredictiveMedium
83ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
84ArgumentxxxxxxxxxpredictiveMedium
85Argumentxxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxpredictiveHigh
86ArgumentxxxpredictiveLow
87ArgumentxxxxxxxxxpredictiveMedium
88ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
89ArgumentxxxxpredictiveLow
90ArgumentxxxxxxxxxxpredictiveMedium
91Argumentxxx_xxxpredictiveLow
92Argumentxxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxxpredictiveHigh
93Network Portxxx/xx (xxxx)predictiveHigh

References (5)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!