FinFisher Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (80)

Sprache

en	66
de	4
ru	4
zh	4
jp	2

Land

us	50
cn	10
ru	8
tr	6
ca	2

Akteure

FinFisher	5
Cobalt Strike	3
Conti	2
Vidar	2
RecordBreaker	2

Interesse

Typ

Not Defined	20
Operating System	10
Content Management System	8
Database Administration Software	4
Network Management Software	4

Hersteller

Not Defined	28
Apple	4
Red Hat	2
HPE	2
HP	2

Produkt

phpMyAdmin	4
Drupal	4
Red Hat Linux	2
xmlhttprequest	2
xmlhttprequest-ssl	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Schneider Electric EcoStruxure Control Expert/Unity Pro Pufferüberlauf	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2020-7560
2	Tridium Niagara AX/Niagra 4 Directory Traversal	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00256	0.03	CVE-2017-16744
3	PHPsFTPd Login inc.login.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01298	0.00	CVE-2005-2314
4	xmlhttprequest/xmlhttprequest-ssl XMLHttpRequest erweiterte Rechte	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03027	0.02	CVE-2020-28502
5	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.60	CVE-2010-0966
6	phpMyAdmin Configuration File setup.php erweiterte Rechte	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.80586	0.06	CVE-2009-1151
7	Network-weathermap .network Weathermap editor.php Cross Site Scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.13259	0.03	CVE-2013-2618
8	OpenSSL c_rehash erweiterte Rechte	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10649	0.09	CVE-2022-1292
9	ownCloud graphapi GetPhpInfo.php Information Disclosure	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.86982	0.04	CVE-2023-49103
10	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.00	CVE-2022-27228
11	HP Integrated Lights-Out IPMI Protocol erweiterte Rechte	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
12	Linux Kernel BPF inode.c nilfs_new_inode Pufferüberlauf	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2022-3649
13	Microsoft Windows Mark of the Web unbekannte Schwachstelle	5.4	5.1	$25k-$100k	$5k-$25k	Functional	Official Fix	0.00278	0.00	CVE-2022-41049
14	Tesla Model 3 bcmdhd Driver erweiterte Rechte	7.8	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.07	CVE-2022-42431
15	Drupal Database Abstraction API expandArguments SQL Injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97530	0.04	CVE-2014-3704
16	Apple macOS Kernel Coldtro Pufferüberlauf	7.8	7.6	$5k-$25k	$0-$5k	High	Official Fix	0.00149	0.00	CVE-2022-32894
17	hMailServer IMAP Server erweiterte Rechte	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05845	0.00	CVE-2008-3676
18	Supermicro BMC schwache Authentisierung	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05744	0.00	CVE-2013-4782
19	XMLBeans XML Parser XML External Entity	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00372	0.06	CVE-2021-23926
20	TeamSpeak Client QT Framework erweiterte Rechte	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01857	0.02	CVE-2019-11351

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Turkey March for Justice

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	45.86.136.138		FinFisher		04.08.2022	verifiziert	High
2	79.143.87.216		FinFisher		04.08.2022	verifiziert	High
3	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx		04.08.2022	verifiziert	High
4	XXX.XXX.XX.XXX		Xxxxxxxxx		04.08.2022	verifiziert	High
5	XXX.XX.XXX.XXX	xxxxxxx.xxxxx-xxxxx.xxx	Xxxxxxxxx	Xxxxxx Xxxxx Xxx Xxxxxxx	28.03.2022	verifiziert	High
6	XXX.XX.XX.XXX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxxx		04.08.2022	verifiziert	High
7	XXX.XXX.XX.XXX		Xxxxxxxxx		04.08.2022	verifiziert	High
8	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxx	Xxxxxxxxx		04.08.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
14	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/+CSCOE+/logon.html	prädiktiv	High
2	File	admin.php	prädiktiv	Medium
3	File	books.php	prädiktiv	Medium
4	File	cgi-bin/mainfunction.cgi	prädiktiv	High
5	File	c_rehash	prädiktiv	Medium
6	File	data/gbconfiguration.dat	prädiktiv	High
7	File	xx.xxx	prädiktiv	Low
8	File	xxxxxx.xxx	prädiktiv	Medium
9	File	xxxxxx.xxx	prädiktiv	Medium
10	File	xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x	prädiktiv	High
11	File	xxxxx_xxxxxx.x	prädiktiv	High
12	File	xx/xxxxxx/xxxxx.x	prädiktiv	High
13	File	xxxxxxxxxx.xxx	prädiktiv	High
14	File	xxxxx_xxxxxx.xxx	prädiktiv	High
15	File	xxx.xxxxx.xxx	prädiktiv	High
16	File	xxx/xxxxxx.xxx	prädiktiv	High
17	File	xxxxx.xxx	prädiktiv	Medium
18	File	xxxx.xxx.xxx	prädiktiv	Medium
19	File	xxx_xxx.x	prädiktiv	Medium
20	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	prädiktiv	High
21	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	prädiktiv	High
22	File	xxxxxx_xxx_xxxxxx.xxx	prädiktiv	High
23	File	xxxxx.xxx	prädiktiv	Medium
24	File	xxxx.xxx	prädiktiv	Medium
25	File	xxxx_xxxxxxx_xxxxxxxx.xxx	prädiktiv	High
26	Library	xxxxxx.xxx	prädiktiv	Medium
27	Library	xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx	prädiktiv	High
28	Library	xxxxx.xxx	prädiktiv	Medium
29	Argument	-x	prädiktiv	Low
30	Argument	xxxxxxxx	prädiktiv	Medium
31	Argument	xxxxxx	prädiktiv	Low
32	Argument	xxx	prädiktiv	Low
33	Argument	xxx_xx	prädiktiv	Low
34	Argument	xxxx_xxxx	prädiktiv	Medium
35	Argument	xxxxxxxxxx	prädiktiv	Medium
36	Argument	xxx_x_xxx	prädiktiv	Medium
37	Argument	xx_xxxxx	prädiktiv	Medium
38	Argument	xxxxx_xxxxxxxx	prädiktiv	High
39	Argument	xxxx_xx	prädiktiv	Low
40	Argument	xxx_xxxxx	prädiktiv	Medium
41	Argument	xxxxxxxxx_xxxxxxxx_xxxx	prädiktiv	High
42	Argument	xxxx	prädiktiv	Low
43	Argument	xxx	prädiktiv	Low
44	Input Value	\xxx../../../../xxx/xxxxxx	prädiktiv	High
45	Network Port	xxx/xxxx (xxx)	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!