Finteam Analysis

IOB - Indicator of Behavior (67)

Timeline

Language

en: 56
it: 4
es: 4
fr: 2
de: 2

Country

us: 58
cn: 4
ru: 4

Actors

Activity

Interest

Timeline

Type

Vendor

Product

PostgreSQL: 6
VMware Workspace ONE Access: 4
VMware Identity Manager: 4
Virtuenetz Virtue Shopping Mall: 2
cPanel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.02 | CVE-2005-3285 |
| 2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00789 | 0.00 | CVE-2006-1965 |
| 3 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2018-10225 |
| 4 | PostgreSQL Client information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2022-41862 |
| 5 | PostgreSQL User ID Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.02 | CVE-2023-2455 |
| 6 | PostgreSQL Extension Script sql injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.03 | CVE-2023-39417 |
| 7 | PostgreSQL MERGE unknown vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.02 | CVE-2023-39418 |
| 8 | WALLIX Bastion Network Access Administration Web Interface information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-46319 |
| 9 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.90080 | 0.04 | CVE-2023-20198 |
| 10 | PHP-Nuke modules.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2014-3934 |
| 11 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00125 | 0.02 | CVE-2022-37969 |
| 12 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00104 | 0.06 | CVE-2022-30209 |
| 13 | VMware Workspace ONE Access weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.70435 | 0.00 | CVE-2022-31656 |
| 14 | VMware Workspace ONE Access/Identity Manager URL privilege escalation | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-31657 |
| 15 | VMware Workspace ONE Access JDBC privilege escalation | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2022-31665 |
| 16 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08067 | 0.05 | CVE-2021-26701 |
| 17 | Sitecore Rocks Plugin Service privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.00 | CVE-2019-12440 |
| 18 | sudo sudoers_policy_main buffer overflow | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.97051 | 0.00 | CVE-2021-3156 |
| 19 | Hikvision DS-2CD7153-E weak authentication | 8.5 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53976 | 0.04 | CVE-2013-4976 |
| 20 | Micro Focus GroupWise Administration Console privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.00 | CVE-2018-12468 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 146.0.72.180 | | Finteam | | 22/12/2020 | verified | High |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 22/12/2020 | verified | High |
| 3 | XXX.XXX.XX.X | | Xxxxxxx | | 12/02/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 2 | File | /cgi-sys/FormMail-clone.cgi | predictive | High |
| 3 | File | account.php | predictive | Medium |
| 4 | File | apply.cgi | predictive | Medium |
| 5 | File | article.php | predictive | Medium |
| 6 | File | cart.php | predictive | Medium |
| 7 | File | catalog.asp | predictive | Medium |
| 8 | File | category.php | predictive | Medium |
| 9 | File | cgi-bin/reorder2.asp | predictive | High |
| 10 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxx_xxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxxx.xxx | predictive | Medium |
| 14 | File | xxxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High |
| 17 | File | xxxxx.xxx | predictive | Medium |
| 18 | File | xxxxx.xxx | predictive | Medium |
| 19 | File | xxxx.xxx | predictive | Medium |
| 20 | File | xxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxx.xxx | predictive | Medium |
| 22 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 23 | File | xxxxxxx.xxx | predictive | Medium |
| 24 | File | xxxxxxxx.xxx | predictive | Medium |
| 25 | File | xxxxxxx_xxxxxxx.xxx | predictive | High |
| 26 | File | xxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxx.xxx | predictive | Medium |
| 28 | File | xxxxxx.xxx | predictive | Medium |
| 29 | File | xxxxxx.xxx | predictive | Medium |
| 30 | File | xxxx.xxx | predictive | Medium |
| 31 | File | xxxx.xxx | predictive | Medium |
| 32 | File | xxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxxxxxx.xxxx | predictive | High |
| 35 | File | xxxxx_xxxxxx_xxxxxx.xxx | predictive | High |
| 36 | File | xxxx_xxxx.xxx | predictive | High |
| 37 | File | xxxxxxxxxx.xxx | predictive | High |
| 38 | Argument | xxx | predictive | Low |
| 39 | Argument | xxxxxxx | predictive | Low |
| 40 | Argument | xxxxxxxxxx | predictive | Medium |
| 41 | Argument | xxxxxxxxxx | predictive | Medium |
| 42 | Argument | xxxxxxxx_xx | predictive | Medium |
| 43 | Argument | xxxxx | predictive | Low |
| 44 | Argument | xxx_xx | predictive | Low |
| 45 | Argument | xxx | predictive | Low |
| 46 | Argument | xxxxxxx | predictive | Low |
| 47 | Argument | xxxxxxx | predictive | Low |
| 48 | Argument | xx | predictive | Low |
| 49 | Argument | xxxxxxxxx | predictive | Medium |
| 50 | Argument | xxxx_xx[] | predictive | Medium |
| 51 | Argument | xxxx_xxxx | predictive | Medium |
| 52 | Argument | xxx | predictive | Low |
| 53 | Argument | xxxxxx_xx | predictive | Medium |
| 54 | Argument | xxxxxxx | predictive | Low |
| 55 | Argument | xxxx | predictive | Low |
| 56 | Argument | xxxx_xx | predictive | Low |
| 57 | Argument | xxxx_xx/xxxxxx | predictive | High |
| 58 | Argument | xxxxxx | predictive | Low |
| 59 | Argument | xxxxxx | predictive | Low |
| 60 | Argument | xxxxxxx_xx | predictive | Medium |
| 61 | Argument | x_xx | predictive | Low |
| 62 | Argument | xxx_xxx | predictive | Low |
| 63 | Argument | xxxxxx | predictive | Low |
| 64 | Argument | xxxxxx[] | predictive | Medium |
| 65 | Argument | xxxx/xxxxx/xxxx | predictive | High |
| 66 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
