FinFisher Analysis

IOB - Indicator of Behavior (72)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 66
  • de: 4
  • zh: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • Microsoft Windows: 6
  • Fortinet FortiOS: 4
  • Drupal: 4
  • phpMyAdmin: 4
  • Apple AirPort Base Station: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Schneider Electric EcoStruxure Control Expert/Unity Pro write-what-where condition | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01036 | CVE-2020-7560
2 | PHPsFTPd Login inc.login.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01319 | CVE-2005-2314
3 | xmlhttprequest/xmlhttprequest-ssl XMLHttpRequest injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.15351 | CVE-2020-28502
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.04187 | CVE-2010-0966
5 | phpMyAdmin Configuration File setup.php code injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.86435 | CVE-2009-1151
6 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.02 | 0.09127 | CVE-2022-41049
7 | Tesla Model 3 bcmdhd Driver access control | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | CVE-2022-42431
8 | Drupal Database Abstraction API expandArguments sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.93531 | CVE-2014-3704
9 | Apple macOS Kernel out-of-bounds write | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.01363 | CVE-2022-32894
10 | hMailServer IMAP Server input validation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.06790 | CVE-2008-3676
11 | Supermicro BMC improper authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.38796 | CVE-2013-4782
12 | XMLBeans XML Parser xml external entity reference | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01859 | CVE-2021-23926
13 | TeamSpeak Client QT Framework access control | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01689 | CVE-2019-11351
14 | SolarWinds Orion Platform MSMQ permission | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2021-25274
15 | HPE iLO 4/iLO 5 7pk security | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02614 | CVE-2018-7105
16 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.01136 | CVE-2014-2120
17 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01601 | CVE-2021-38666
18 | Backdoor.Win32.Prorat.ntz FTP Server hard-coded password | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01 | 0.00000 | (none)
19 | Fortinet FortiOS fnsysctl access control | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01365 | CVE-2017-14187
20 | Francisco Burzi PHP-Nuke Error Message db.php information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.01136 | CVE-2005-0433

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Turkey March for Justice

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | admin.php | predictive | Medium
3 | File | books.php | predictive | Medium
4 | File | cgi-bin/mainfunction.cgi | predictive | High
5 | File | data/gbconfiguration.dat | predictive | High
6 | File | xx.xxx | predictive | Low
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | predictive | High
9 | File | xxxxx_xxxxxx.x | predictive | High
10 | File | xxxxx_xxxxxx.xxx | predictive | High
11 | File | xxx.xxxxx.xxx | predictive | High
12 | File | xxx/xxxxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxx.xxx.xxx | predictive | Medium
15 | File | xxx_xxx.x | predictive | Medium
16 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
17 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High
18 | File | xxxxxx_xxx_xxxxxx.xxx | predictive | High
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
22 | Library | xxxxxx.xxx | predictive | Medium
23 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High
24 | Library | xxxxx.xxx | predictive | Medium
25 | Argument | -x | predictive | Low
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xxxxxx | predictive | Low
28 | Argument | xxx | predictive | Low
29 | Argument | xxx_xx | predictive | Low
30 | Argument | xxxx_xxxx | predictive | Medium
31 | Argument | xxxxxxxxxx | predictive | Medium
32 | Argument | xxx_x_xxx | predictive | Medium
33 | Argument | xx_xxxxx | predictive | Medium
34 | Argument | xxxxx_xxxxxxxx | predictive | High
35 | Argument | xxxx_xx | predictive | Low
36 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
37 | Argument | xxxx | predictive | Low
38 | Argument | xxx | predictive | Low
39 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | High
40 | Network Port | xxx/xxxx (xxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
