Finteam Analysis

IOB - Indicator of Behavior (67)

Timeline

Languages

en 52
de 4
fr 4
it 4
es 2

Country / Region

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PostgreSQL 4
Serendipity 2
Microsoft .NET Core 2
aasi media Net Clubs Pro 2
SalesCart Shopping Cart 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.02 | CVE-2005-3285 |
| 2 | aasi media Net Clubs Pro sendim.cgi Cross Site Scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00789 | 0.00 | CVE-2006-1965 |
| 3 | ThinkPHP index.php SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2018-10225 |
| 4 | PostgreSQL Client Information Disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2022-41862 |
| 5 | PostgreSQL User ID Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.02 | CVE-2023-2455 |
| 6 | PostgreSQL Extension Script SQL Injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.09 | CVE-2023-39417 |
| 7 | PostgreSQL MERGE Unknown Vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.02 | CVE-2023-39418 |
| 8 | WALLIX Bastion Network Access Administration Web Interface Information Disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-46319 |
| 9 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.89428 | 0.04 | CVE-2023-20198 |
| 10 | PHP-Nuke modules.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2014-3934 |
| 11 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00125 | 0.02 | CVE-2022-37969 |
| 12 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00104 | 0.06 | CVE-2022-30209 |
| 13 | VMware Workspace ONE Access Weak Authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.70435 | 0.00 | CVE-2022-31656 |
| 14 | VMware Workspace ONE Access/Identity Manager URL Privilege Escalation | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-31657 |
| 15 | VMware Workspace ONE Access JDBC Privilege Escalation | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2022-31665 |
| 16 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08067 | 0.05 | CVE-2021-26701 |
| 17 | Sitecore Rocks Plugin Service Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.00 | CVE-2019-12440 |
| 18 | sudo sudoers_policy_main Memory Corruption | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.97051 | 0.01 | CVE-2021-3156 |
| 19 | Hikvision DS-2CD7153-E Weak Authentication | 8.5 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53976 | 0.04 | CVE-2013-4976 |
| 20 | Micro Focus GroupWise Administration Console Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.00 | CVE-2018-12468 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 146.0.72.180 | | Finteam | | 2020-12-22 | | verified |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 2020-12-22 | | verified |
| 3 | XXX.XXX.XX.XX | | xxxxxx | | 2022-02-12 | | verified |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 Path Traversal | | | predictive |
| 2 | T1055 | CWE-74 Improper Neutralization of Data within XPath Expressions | | | predictive |
| 3 | TXXXX.XXX | CWE-XX, CWE-XXX Xxxxx Xxxx Xxxxxxxxx | | | predictive |
| 4 | TXXXX | CWE-XXX, CWE-XXX Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | | predictive |
| 5 | TXXXX | CWE-XXX Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | | predictive |
| 6 | TXXXX.XXX | CWE-XXX Xxxxx Xxxxxxxx | | | predictive |
| 7 | TXXXX | CWE-XXX Xxx Xxxxxxxxx | | | predictive |
| 8 | TXXXX | CWE-XXX Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | | predictive |
| 9 | TXXXX.XXX | CWE-XXX Xxxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | | | predictive |

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/user/Config.cgi | | predictive |
| 2 | File | /cgi-sys/FormMail-clone.cgi | | predictive |
| 3 | File | account.php | | predictive |
| 4 | File | apply.cgi | | predictive |
| 5 | File | article.php | | predictive |
| 6 | File | cart.php | | predictive |
| 7 | File | catalog.asp | | predictive |
| 8 | File | category.php | | predictive |
| 9 | File | cgi-bin/reorder2.asp | | predictive |
| 10 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx | | predictive |
| 11 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | | predictive |
| 12 | File | xxxxxxxx_xxxxxxxxxx.xxx | | predictive |
| 13 | File | xxxxxxx.xxx | | predictive |
| 14 | File | xxxxxx.xxx | | predictive |
| 15 | File | xxxxxxxxxxx.xxx | | predictive |
| 16 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | | predictive |
| 17 | File | xxxxx.xxx | | predictive |
| 18 | File | xxxxx.xxx | | predictive |
| 19 | File | xxxx.xxx | | predictive |
| 20 | File | xxxx.xxx | | predictive |
| 21 | File | xxxxxxx.xxx | | predictive |
| 22 | File | xxxxxxxxxxxx.xxx | | predictive |
| 23 | File | xxxxxxx.xxx | | predictive |
| 24 | File | xxxxxxxx.xxx | | predictive |
| 25 | File | xxxxxxx_xxxxxxx.xxx | | predictive |
| 26 | File | xxxxxx.xxx | | predictive |
| 27 | File | xxxxxxx.xxx | | predictive |
| 28 | File | xxxxxx.xxx | | predictive |
| 29 | File | xxxxxx.xxx | | predictive |
| 30 | File | xxxx.xxx | | predictive |
| 31 | File | xxxx.xxx | | predictive |
| 32 | File | xxxx.xxx | | predictive |
| 33 | File | xxxxxxxxxxxxx.xxx | | predictive |
| 34 | File | xxxxxxxx.xxxx | | predictive |
| 35 | File | xxxxx_xxxxxx_xxxxxx.xxx | | predictive |
| 36 | File | xxxx_xxxx.xxx | | predictive |
| 37 | File | xxxxxxxxxx.xxx | | predictive |
| 38 | Argument | xxx | | predictive |
| 39 | Argument | xxxxxxx | | predictive |
| 40 | Argument | xxxxxxxxxx | | predictive |
| 41 | Argument | xxxxxxxxxx | | predictive |
| 42 | Argument | xxxxxxxx_xx | | predictive |
| 43 | Argument | xxxxx | | predictive |
| 44 | Argument | xxx_xx | | predictive |
| 45 | Argument | xxx | | predictive |
| 46 | Argument | xxxxxxx | | predictive |
| 47 | Argument | xxxxxxx | | predictive |
| 48 | Argument | xx | | predictive |
| 49 | Argument | xxxxxxxxx | | predictive |
| 50 | Argument | xxxx_xx[] | | predictive |
| 51 | Argument | xxxx_xxxx | | predictive |
| 52 | Argument | xxx | | predictive |
| 53 | Argument | xxxxxx_xx | | predictive |
| 54 | Argument | xxxxxxx | | predictive |
| 55 | Argument | xxxx | | predictive |
| 56 | Argument | xxxx_xx | | predictive |
| 57 | Argument | xxxx_xx/xxxxxx | | predictive |
| 58 | Argument | xxxxxx | | predictive |
| 59 | Argument | xxxxxx | | predictive |
| 60 | Argument | xxxxxxx_xx | | predictive |
| 61 | Argument | x_xx | | predictive |
| 62 | Argument | xxx_xxx | | predictive |
| 63 | Argument | xxxxxx | | predictive |
| 64 | Argument | xxxxxx[] | | predictive |
| 65 | Argument | xxxx/xxxxx/xxxx | | predictive |
| 66 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities: