FinFisher Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (80)

Idioma

en	74
de	4
jp	2

País

us	66
ru	8
gb	2
tr	2
cn	2

Actores

FinFisher	4
Cobalt Strike	3
Conti	2
Vidar	2
RecordBreaker	2

Interesar

Escribe

Not Defined	22
Operating System	8
Content Management System	8
SCADA Software	6
Firewall Software	4

Proveedor

Not Defined	16
Apple	4
Schneider Electric	4
Microsoft	4
Linux	2

Producto

Microsoft Windows	4
Linux Kernel	2
Apple Mac OS X Server	2
cPanel	2
Backdoor.Win32.Prorat.ntz	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Schneider Electric EcoStruxure Control Expert/Unity Pro desbordamiento de búfer	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2020-7560
2	Tridium Niagara AX/Niagra 4 directory traversal	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00256	0.03	CVE-2017-16744
3	PHPsFTPd Login inc.login.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01298	0.00	CVE-2005-2314
4	xmlhttprequest/xmlhttprequest-ssl XMLHttpRequest escalada de privilegios	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03027	0.02	CVE-2020-28502
5	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.91	CVE-2010-0966
6	phpMyAdmin Configuration File setup.php escalada de privilegios	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.80586	0.06	CVE-2009-1151
7	Network-weathermap .network Weathermap editor.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.13259	0.03	CVE-2013-2618
8	OpenSSL c_rehash escalada de privilegios	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10649	0.00	CVE-2022-1292
9	ownCloud graphapi GetPhpInfo.php divulgación de información	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.86982	0.04	CVE-2023-49103
10	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.00	CVE-2022-27228
11	HP Integrated Lights-Out IPMI Protocol escalada de privilegios	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
12	Linux Kernel BPF inode.c nilfs_new_inode desbordamiento de búfer	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.12	CVE-2022-3649
13	Microsoft Windows Mark of the Web vulnerabilidad desconocida	5.4	5.1	$25k-$100k	$5k-$25k	Functional	Official Fix	0.00278	0.00	CVE-2022-41049
14	Tesla Model 3 bcmdhd Driver escalada de privilegios	7.8	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.07	CVE-2022-42431
15	Drupal Database Abstraction API expandArguments sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97530	0.03	CVE-2014-3704
16	Apple macOS Kernel Coldtro desbordamiento de búfer	7.8	7.6	$5k-$25k	$0-$5k	High	Official Fix	0.00149	0.00	CVE-2022-32894
17	hMailServer IMAP Server escalada de privilegios	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05845	0.00	CVE-2008-3676
18	Supermicro BMC autenticación débil	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05744	0.00	CVE-2013-4782
19	XMLBeans XML Parser XML External Entity	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00372	0.06	CVE-2021-23926
20	TeamSpeak Client QT Framework escalada de privilegios	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01857	0.02	CVE-2019-11351

Campañas (1)

These are the campaigns that can be associated with the actor:

Turkey March for Justice

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	45.86.136.138		FinFisher		2022-08-04	verified	Alto
2	79.143.87.216		FinFisher		2022-08-04	verified	Alto
3	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx		2022-08-04	verified	Alto
4	XXX.XXX.XX.XXX		Xxxxxxxxx		2022-08-04	verified	Alto
5	XXX.XX.XXX.XXX	xxxxxxx.xxxxx-xxxxx.xxx	Xxxxxxxxx	Xxxxxx Xxxxx Xxx Xxxxxxx	2022-03-28	verified	Alto
6	XXX.XX.XX.XXX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxxx		2022-08-04	verified	Alto
7	XXX.XXX.XX.XXX		Xxxxxxxxx		2022-08-04	verified	Alto
8	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxx	Xxxxxxxxx		2022-08-04	verified	Alto

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
14	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/+CSCOE+/logon.html	predictive	Alto
2	File	admin.php	predictive	Medio
3	File	books.php	predictive	Medio
4	File	cgi-bin/mainfunction.cgi	predictive	Alto
5	File	c_rehash	predictive	Medio
6	File	data/gbconfiguration.dat	predictive	Alto
7	File	xx.xxx	predictive	Bajo
8	File	xxxxxx.xxx	predictive	Medio
9	File	xxxxxx.xxx	predictive	Medio
10	File	xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x	predictive	Alto
11	File	xxxxx_xxxxxx.x	predictive	Alto
12	File	xx/xxxxxx/xxxxx.x	predictive	Alto
13	File	xxxxxxxxxx.xxx	predictive	Alto
14	File	xxxxx_xxxxxx.xxx	predictive	Alto
15	File	xxx.xxxxx.xxx	predictive	Alto
16	File	xxx/xxxxxx.xxx	predictive	Alto
17	File	xxxxx.xxx	predictive	Medio
18	File	xxxx.xxx.xxx	predictive	Medio
19	File	xxx_xxx.x	predictive	Medio
20	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
21	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Alto
22	File	xxxxxx_xxx_xxxxxx.xxx	predictive	Alto
23	File	xxxxx.xxx	predictive	Medio
24	File	xxxx.xxx	predictive	Medio
25	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
26	Library	xxxxxx.xxx	predictive	Medio
27	Library	xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx	predictive	Alto
28	Library	xxxxx.xxx	predictive	Medio
29	Argument	-x	predictive	Bajo
30	Argument	xxxxxxxx	predictive	Medio
31	Argument	xxxxxx	predictive	Bajo
32	Argument	xxx	predictive	Bajo
33	Argument	xxx_xx	predictive	Bajo
34	Argument	xxxx_xxxx	predictive	Medio
35	Argument	xxxxxxxxxx	predictive	Medio
36	Argument	xxx_x_xxx	predictive	Medio
37	Argument	xx_xxxxx	predictive	Medio
38	Argument	xxxxx_xxxxxxxx	predictive	Alto
39	Argument	xxxx_xx	predictive	Bajo
40	Argument	xxx_xxxxx	predictive	Medio
41	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
42	Argument	xxxx	predictive	Bajo
43	Argument	xxx	predictive	Bajo
44	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Alto
45	Network Port	xxx/xxxx (xxx)	predictive	Alto

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!