Finteam Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 54
it: 4
fr: 4
es: 2
ru: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

VMware Workspace ONE Access: 4
VMware Identity Manager: 4
VMware vRealize Automation: 4
Comersus Open Technologies Comersus Cart: 4
FreeBSD: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00224 | 0.00 | CVE-2005-3285
2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00789 | 0.00 | CVE-2006-1965
3 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.05 | CVE-2018-10225
4 | FlyCMS add_group_save cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.05 | CVE-2024-22593
5 | PostgreSQL Client information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.00 | CVE-2022-41862
6 | PostgreSQL User ID Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.03 | CVE-2023-2455
7 | PostgreSQL Extension Script sql injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.09 | CVE-2023-39417
8 | PostgreSQL MERGE unknown vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.04 | CVE-2023-39418
9 | WALLIX Bastion Network Access Administration Web Interface information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-46319
10 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.85254 | 0.09 | CVE-2023-20198
11 | PHP-Nuke modules.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.02 | CVE-2014-3934
12 | Microsoft Windows Common Log File System Driver out-of-bounds write | 8.1 | 7.7 | $100k and more | $25k-$100k | High | Official Fix | 0.00161 | 0.00 | CVE-2022-37969
13 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00118 | 0.03 | CVE-2022-30209
14 | VMware Workspace ONE Access improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.64132 | 0.05 | CVE-2022-31656
15 | VMware Workspace ONE Access/Identity Manager URL injection | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-31657
16 | VMware Workspace ONE Access JDBC injection | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2022-31665
17 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08067 | 0.00 | CVE-2021-26701
18 | Sitecore Rocks Plugin Service command injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.00 | CVE-2019-12440
19 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.96975 | 0.04 | CVE-2021-3156
20 | Hikvision DS-2CD7153-E improper authentication | 8.5 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53976 | 0.04 | CVE-2013-4976

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 146.0.72.180 | | Finteam | | 12/22/2020 | verified | Low
2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 12/22/2020 | verified | Low
3 | XXX.XXX.XX.XX | | xxxxxx | | 02/12/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | predictive | High
2 | File | /cgi-sys/FormMail-clone.cgi | predictive | High
3 | File | /system/admin/add_group_save | predictive | High
4 | File | account.php | predictive | Medium
5 | File | apply.cgi | predictive | Medium
6 | File | article.php | predictive | Medium
7 | File | cart.php | predictive | Medium
8 | File | catalog.asp | predictive | Medium
9 | File | category.php | predictive | Medium
10 | File | xxx-xxx/xxxxxxxx.xxx | predictive | High
11 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxx_xxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx.xxx | predictive | Medium
22 | File | xxxxxxx.xxx | predictive | Medium
23 | File | xxxxxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxx.xxx | predictive | Medium
30 | File | xxxxxx.xxx | predictive | Medium
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxx.xxx | predictive | Medium
33 | File | xxxx.xxx | predictive | Medium
34 | File | xxxxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxx.xxxx | predictive | High
36 | File | xxxxx_xxxxxx_xxxxxx.xxx | predictive | High
37 | File | xxxx_xxxx.xxx | predictive | High
38 | File | xxxxxxxxxx.xxx | predictive | High
39 | Argument | xxx | predictive | Low
40 | Argument | xxxxxxx | predictive | Low
41 | Argument | xxxxxxxxxx | predictive | Medium
42 | Argument | xxxxxxxxxx | predictive | Medium
43 | Argument | xxxxxxxx_xx | predictive | Medium
44 | Argument | xxxxx | predictive | Low
45 | Argument | xxx_xx | predictive | Low
46 | Argument | xxx | predictive | Low
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xxxxxxx | predictive | Low
49 | Argument | xx | predictive | Low
50 | Argument | xxxxxxxxx | predictive | Medium
51 | Argument | xxxx_xx[] | predictive | Medium
52 | Argument | xxxx_xxxx | predictive | Medium
53 | Argument | xxx | predictive | Low
54 | Argument | xxxxxx_xx | predictive | Medium
55 | Argument | xxxxxxx | predictive | Low
56 | Argument | xxxx | predictive | Low
57 | Argument | xxxx_xx | predictive | Low
58 | Argument | xxxx_xx/xxxxxx | predictive | High
59 | Argument | xxxxxx | predictive | Low
60 | Argument | xxxxxx | predictive | Low
61 | Argument | xxxxxxx_xx | predictive | Medium
62 | Argument | x_xx | predictive | Low
63 | Argument | xxx_xxx | predictive | Low
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxx[] | predictive | Medium
66 | Argument | xxxx/xxxxx/xxxx | predictive | High
67 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
