Finteam Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (67)

Język

en	46
fr	8
es	6
it	4
ru	2

Kraj

us	54
ru	4
cn	4
cz	2
fr	2

Aktorzy

Finteam	3
Cobalt Strike	3
Silence	2
IcedID	2
RedLine Stealer	1

Wysiłek

Rodzaj

Not Defined	38
Database Software	6
Content Management System	4
Network Camera Software	2
Hosting Control Software	2

Sprzedawca

Not Defined	20
Wh-com	2
AVTECH	2
Sumeffect	2
Cybercoded	2

Produkt

PostgreSQL	4
Bandmin	2
Wh-com Com Webhosting	2
AVTECH IP Camera	2
AVTECH NVR	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00230	0.02	CVE-2005-3285
2	aasi media Net Clubs Pro sendim.cgi cross site scripting	5.4	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00789	0.00	CVE-2006-1965
3	ThinkPHP index.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.02	CVE-2018-10225
4	PostgreSQL Client information disclosure	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.02	CVE-2022-41862
5	PostgreSQL User ID Local Privilege Escalation	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00049	0.02	CVE-2023-2455
6	PostgreSQL Extension Script sql injection	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.02	CVE-2023-39417
7	PostgreSQL MERGE nieznana luka	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.02	CVE-2023-39418
8	WALLIX Bastion Network Access Administration Web Interface information disclosure	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2023-46319
9	Cisco IOS XE Web UI Remote Code Execution	9.9	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.89428	0.02	CVE-2023-20198
10	PHP-Nuke modules.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.02	CVE-2014-3934
11	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
12	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00104	0.06	CVE-2022-30209
13	VMware Workspace ONE Access weak authentication	9.8	9.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.70435	0.00	CVE-2022-31656
14	VMware Workspace ONE Access/Identity Manager URL privilege escalation	7.4	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00160	0.00	CVE-2022-31657
15	VMware Workspace ONE Access JDBC privilege escalation	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00222	0.00	CVE-2022-31665
16	Microsoft .NET Core Remote Code Execution	8.1	7.1	$25k-$100k	$0-$5k	Unproven	Official Fix	0.08067	0.05	CVE-2021-26701
17	Sitecore Rocks Plugin Service privilege escalation	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00326	0.00	CVE-2019-12440
18	sudo sudoers_policy_main memory corruption	8.3	8.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.97051	0.01	CVE-2021-3156
19	Hikvision DS-2CD7153-E weak authentication	8.5	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.53976	0.02	CVE-2013-4976
20	Micro Focus GroupWise Administration Console privilege escalation	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00393	0.00	CVE-2018-12468

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Aktor	Identified	Rodzaj	Pewność siebie
1	146.0.72.180	Finteam	2020-12-22	verified	Wysoki
2	XXX.XX.XXX.XXX	Xxxxxxx	2020-12-22	verified	Wysoki
3	XXX.XXX.XX.X	Xxxxxxx	2022-02-12	verified	Wysoki

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/cgi-bin/user/Config.cgi	predictive	Wysoki
2	File	/cgi-sys/FormMail-clone.cgi	predictive	Wysoki
3	File	account.php	predictive	Medium
4	File	apply.cgi	predictive	Medium
5	File	article.php	predictive	Medium
6	File	cart.php	predictive	Medium
7	File	catalog.asp	predictive	Medium
8	File	category.php	predictive	Medium
9	File	cgi-bin/reorder2.asp	predictive	Wysoki
10	File	xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Wysoki
11	File	xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
12	File	xxxxxxxx_xxxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxxxx.xxx	predictive	Medium
15	File	xxxxxxxxxxx.xxx	predictive	Wysoki
16	File	xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx	predictive	Wysoki
17	File	xxxxx.xxx	predictive	Medium
18	File	xxxxx.xxx	predictive	Medium
19	File	xxxx.xxx	predictive	Medium
20	File	xxxx.xxx	predictive	Medium
21	File	xxxxxxx.xxx	predictive	Medium
22	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
23	File	xxxxxxx.xxx	predictive	Medium
24	File	xxxxxxxx.xxx	predictive	Medium
25	File	xxxxxxx_xxxxxxx.xxx	predictive	Wysoki
26	File	xxxxxx.xxx	predictive	Medium
27	File	xxxxxxx.xxx	predictive	Medium
28	File	xxxxxx.xxx	predictive	Medium
29	File	xxxxxx.xxx	predictive	Medium
30	File	xxxx.xxx	predictive	Medium
31	File	xxxx.xxx	predictive	Medium
32	File	xxxx.xxx	predictive	Medium
33	File	xxxxxxxxxxxxx.xxx	predictive	Wysoki
34	File	xxxxxxxx.xxxx	predictive	Wysoki
35	File	xxxxx_xxxxxx_xxxxxx.xxx	predictive	Wysoki
36	File	xxxx_xxxx.xxx	predictive	Wysoki
37	File	xxxxxxxxxx.xxx	predictive	Wysoki
38	Argument	xxx	predictive	Niski
39	Argument	xxxxxxx	predictive	Niski
40	Argument	xxxxxxxxxx	predictive	Medium
41	Argument	xxxxxxxxxx	predictive	Medium
42	Argument	xxxxxxxx_xx	predictive	Medium
43	Argument	xxxxx	predictive	Niski
44	Argument	xxx_xx	predictive	Niski
45	Argument	xxx	predictive	Niski
46	Argument	xxxxxxx	predictive	Niski
47	Argument	xxxxxxx	predictive	Niski
48	Argument	xx	predictive	Niski
49	Argument	xxxxxxxxx	predictive	Medium
50	Argument	xxxx_xx[]	predictive	Medium
51	Argument	xxxx_xxxx	predictive	Medium
52	Argument	xxx	predictive	Niski
53	Argument	xxxxxx_xx	predictive	Medium
54	Argument	xxxxxxx	predictive	Niski
55	Argument	xxxx	predictive	Niski
56	Argument	xxxx_xx	predictive	Niski
57	Argument	xxxx_xx/xxxxxx	predictive	Wysoki
58	Argument	xxxxxx	predictive	Niski
59	Argument	xxxxxx	predictive	Niski
60	Argument	xxxxxxx_xx	predictive	Medium
61	Argument	x_xx	predictive	Niski
62	Argument	xxx_xxx	predictive	Niski
63	Argument	xxxxxx	predictive	Niski
64	Argument	xxxxxx[]	predictive	Medium
65	Argument	xxxx/xxxxx/xxxx	predictive	Wysoki
66	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	Wysoki

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!