FinFisher Analysis

IOB - Indicator of Behavior (79)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en (74)
  • de (4)
  • ru (2)

Country

  • us (52)
  • ru (12)
  • cn (6)
  • tr (4)
  • ir (2)

Actors, Activities, Interest (Timeline, Type, Vendor): chart placeholders only, no values shown.

Product

  • Schneider Electric Modicon M221 (2)
  • Microsoft Windows (2)
  • Backdoor.Win32.Prorat.ntz (2)
  • Apple AirPort Base Station (2)
  • ownCloud graphapi (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Schneider Electric EcoStruxure Control Expert/Unity Pro write-what-where condition | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00072 | CVE-2020-7560
2 | Tridium Niagara AX/Niagara 4 path traversal | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00256 | CVE-2017-16744
3 | PHPsFTPd Login inc.login.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01298 | CVE-2005-2314
4 | xmlhttprequest/xmlhttprequest-ssl XMLHttpRequest injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03027 | CVE-2020-28502
5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.85 | 0.00943 | CVE-2010-0966
6 | phpMyAdmin Configuration File setup.php code injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.79256 | CVE-2009-1151
7 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.09738 | CVE-2022-1292
8 | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11 | 0.89250 | CVE-2023-49103
9 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00668 | CVE-2022-27228
10 | HP Integrated Lights-Out IPMI Protocol credentials management | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.27196 | CVE-2013-4786
11 | Linux Kernel BPF inode.c nilfs_new_inode use after free | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00045 | CVE-2022-3649
12 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00 | 0.00278 | CVE-2022-41049
13 | Tesla Model 3 bcmdhd Driver access control | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2022-42431
14 | Drupal Database Abstraction API expandArguments sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.97537 | CVE-2014-3704
15 | Apple macOS Kernel Coldtro out-of-bounds write | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00149 | CVE-2022-32894
16 | hMailServer IMAP Server input validation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.05845 | CVE-2008-3676
17 | Supermicro BMC improper authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.05744 | CVE-2013-4782
18 | XMLBeans XML Parser xml external entity reference | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00372 | CVE-2021-23926
19 | TeamSpeak Client QT Framework access control | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01857 | CVE-2019-11351
20 | SolarWinds Orion Platform MSMQ permission | 9.8 | 9.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.05160 | CVE-2021-25274

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Turkey March for Justice

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | admin.php | predictive | Medium
3 | File | books.php | predictive | Medium
4 | File | cgi-bin/mainfunction.cgi | predictive | High
5 | File | c_rehash | predictive | Medium
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xx.xxx | predictive | Low
8 | File | xxxxxx.xxx | predictive | Medium
9 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | predictive | High
10 | File | xxxxx_xxxxxx.x | predictive | High
11 | File | xx/xxxxxx/xxxxx.x | predictive | High
12 | File | xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxx_xxxxxx.xxx | predictive | High
14 | File | xxx.xxxxx.xxx | predictive | High
15 | File | xxx/xxxxxx.xxx | predictive | High
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxx.xxx.xxx | predictive | Medium
18 | File | xxx_xxx.x | predictive | Medium
19 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
20 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High
21 | File | xxxxxx_xxx_xxxxxx.xxx | predictive | High
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
25 | Library | xxxxxx.xxx | predictive | Medium
26 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High
27 | Library | xxxxx.xxx | predictive | Medium
28 | Argument | -x | predictive | Low
29 | Argument | xxxxxxxx | predictive | Medium
30 | Argument | xxxxxx | predictive | Low
31 | Argument | xxx | predictive | Low
32 | Argument | xxx_xx | predictive | Low
33 | Argument | xxxx_xxxx | predictive | Medium
34 | Argument | xxxxxxxxxx | predictive | Medium
35 | Argument | xxx_x_xxx | predictive | Medium
36 | Argument | xx_xxxxx | predictive | Medium
37 | Argument | xxxxx_xxxxxxxx | predictive | High
38 | Argument | xxxx_xx | predictive | Low
39 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
40 | Argument | xxxx | predictive | Low
41 | Argument | xxx | predictive | Low
42 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | High
43 | Network Port | xxx/xxxx (xxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities: