Finteam Analysis

IOB - Indicator of Behavior (63)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 54
es: 2
de: 2
ru: 2
it: 2

Country

us: 56
cn: 6
cz: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

FreeBSD: 6
VMware Workspace ONE Access: 4
VMware Identity Manager: 4
Comersus Open Technologies Comersus Cart: 4
Eicrasoft Eicra Realestate Script: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00193 | CVE-2005-3285
2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00789 | CVE-2006-1965
3 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00151 | CVE-2018-10225
4 | WALLIX Bastion Network Access Administration Web Interface information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00087 | CVE-2023-46319
5 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.91922 | CVE-2023-20198
6 | PHP-Nuke modules.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00102 | CVE-2014-3934
7 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00128 | CVE-2022-37969
8 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00107 | CVE-2022-30209
9 | VMware Workspace ONE Access improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.77763 | CVE-2022-31656
10 | VMware Workspace ONE Access/Identity Manager URL injection | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00160 | CVE-2022-31657
11 | VMware Workspace ONE Access JDBC injection | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00213 | CVE-2022-31665
12 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.08067 | CVE-2021-26701
13 | Sitecore Rocks Plugin Service command injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00326 | CVE-2019-12440
14 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.97085 | CVE-2021-3156
15 | Hikvision DS-2CD7153-E improper authentication | 8.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.53976 | CVE-2013-4976
16 | Micro Focus GroupWise Administration Console unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00393 | CVE-2018-12468
17 | Microsoft SQL Server RDBMS Engine access control | 8.8 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.28381 | CVE-2016-7249
18 | MicroNetsoft RV Dealer Website search.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00064 | CVE-2010-4362
19 | Prozilla Webring category.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.01071 | CVE-2007-4362
20 | nicLOR Vibro-School-CMS view_news.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00064 | CVE-2008-6795

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 146.0.72.180 | | Finteam | | 12/22/2020 | verified | High
2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 12/22/2020 | verified | High
3 | XXX.XXX.XX.X | | Xxxxxxx | | 02/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | predictive | High
2 | File | /cgi-sys/FormMail-clone.cgi | predictive | High
3 | File | account.php | predictive | Medium
4 | File | apply.cgi | predictive | Medium
5 | File | article.php | predictive | Medium
6 | File | cart.php | predictive | Medium
7 | File | catalog.asp | predictive | Medium
8 | File | category.php | predictive | Medium
9 | File | cgi-bin/reorder2.asp | predictive | High
10 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxx_xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxx.xxx | predictive | Medium
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxxxxx.xxx | predictive | High
16 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
26 | File | xxxxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxxx.xxx | predictive | Medium
29 | File | xxxxxx.xxx | predictive | Medium
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxx.xxx | predictive | Medium
33 | File | xxxxxxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxx.xxxx | predictive | High
35 | File | xxxxx_xxxxxx_xxxxxx.xxx | predictive | High
36 | File | xxxx_xxxx.xxx | predictive | High
37 | File | xxxxxxxxxx.xxx | predictive | High
38 | Argument | xxx | predictive | Low
39 | Argument | xxxxxxx | predictive | Low
40 | Argument | xxxxxxxxxx | predictive | Medium
41 | Argument | xxxxxxxxxx | predictive | Medium
42 | Argument | xxxxxxxx_xx | predictive | Medium
43 | Argument | xxxxx | predictive | Low
44 | Argument | xxx_xx | predictive | Low
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxxxx | predictive | Low
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xx | predictive | Low
49 | Argument | xxxxxxxxx | predictive | Medium
50 | Argument | xxxx_xx[] | predictive | Medium
51 | Argument | xxxx_xxxx | predictive | Medium
52 | Argument | xxx | predictive | Low
53 | Argument | xxxxxx_xx | predictive | Medium
54 | Argument | xxxxxxx | predictive | Low
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxx_xx/xxxxxx | predictive | High
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xxxxxx | predictive | Low
60 | Argument | xxxxxxx_xx | predictive | Medium
61 | Argument | x_xx | predictive | Low
62 | Argument | xxx_xxx | predictive | Low
63 | Argument | xxxxxx | predictive | Low
64 | Argument | xxxxxx[] | predictive | Medium
65 | Argument | xxxx/xxxxx/xxxx | predictive | High
66 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
