Finteam Analysis

IOB - Indicator of Behavior (61)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 48
de: 4
es: 4
it: 4
fr: 2


Country

us: 60
cn: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

VMware Workspace ONE Access: 6
VMware Identity Manager: 6
FreeBSD: 4
VMware vRealize Automation: 4
nicLOR Vibro-School-CMS: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.01917 | CVE-2005-3285 |
| 2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.03 | 0.04894 | CVE-2006-1965 |
| 3 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-10225 |
| 4 | PHP-Nuke modules.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.02 | 0.00986 | CVE-2014-3934 |
| 5 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01178 | CVE-2022-37969 |
| 6 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.02251 | CVE-2022-30209 |
| 7 | VMware Workspace ONE Access improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.16531 | CVE-2022-31656 |
| 8 | VMware Workspace ONE Access/Identity Manager URL injection | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-31657 |
| 9 | VMware Workspace ONE Access JDBC injection | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2022-31665 |
| 10 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 0.43243 | CVE-2021-26701 |
| 11 | Sitecore Rocks Plugin Service command injection | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2019-12440 |
| 12 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.58695 | CVE-2021-3156 |
| 13 | Hikvision DS-2CD7153-E improper authentication | 8.5 | 7.4 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00954 | CVE-2013-4976 |
| 14 | Micro Focus GroupWise Administration Console unrestricted upload | 6.7 | 6.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2018-12468 |
| 15 | Microsoft SQL Server RDBMS Engine access control | 8.8 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.11348 | CVE-2016-7249 |
| 16 | MicroNetsoft RV Dealer Website search.asp sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00986 | CVE-2010-4362 |
| 17 | Prozilla Webring category.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.01139 | CVE-2007-4362 |
| 18 | nicLOR Vibro-School-CMS view_news.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.03 | 0.00986 | CVE-2008-6795 |
| 19 | Application Dynamics Cartweaver ColdFusion results.cfm sql injection | 6.5 | 6.2 | $0-$5k | Calculating | High | Official Fix | 0.03 | 0.04386 | CVE-2006-2046 |
| 20 | CBAuthority main.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.03 | 0.00986 | CVE-2009-3205 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

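| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 146.0.72.180 | | Finteam | | verified | High |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | verified | High |
| 3 | XXX.XXX.XX.X | | Xxxxxxx | | verified | High |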

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
