Finteam Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (67)

Idioma

en	52
fr	4
es	4
de	4
it	2

País

us	52
ru	8
cn	4
fr	2
cz	2

Actores

Finteam	3
Cobalt Strike	3
Silence	2
IcedID	2
RedLine Stealer	1

Interesse

Tipo

Not Defined	38
Database Software	6
Content Management System	4
E-Commerce Management Software	2
Router Operating System	2

Fabricante

Not Defined	18
Microsoft	4
Ecommerce Online	2
Application Dynamics	2
Linksys	2

Produto

CosmicShoppingCart	2
Ecommerce Online Store Kit	2
Application Dynamics Cartweaver ColdFusion	2
Linksys WVC11B	2
Cisco Linksys X3000	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00230	0.02	CVE-2005-3285
2	aasi media Net Clubs Pro sendim.cgi Roteiro Cruzado de Sítios	5.4	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00789	0.00	CVE-2006-1965
3	ThinkPHP index.php Injecção SQL	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.02	CVE-2018-10225
4	PostgreSQL Client Divulgação de Informação	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.04	CVE-2022-41862
5	PostgreSQL User ID Local Privilege Escalation	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00049	0.02	CVE-2023-2455
6	PostgreSQL Extension Script Injecção SQL	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.03	CVE-2023-39417
7	PostgreSQL MERGE vulnerabilidade desconhecida	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.02	CVE-2023-39418
8	WALLIX Bastion Network Access Administration Web Interface Divulgação de Informação	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2023-46319
9	Cisco IOS XE Web UI Remote Code Execution	9.9	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.90080	0.03	CVE-2023-20198
10	PHP-Nuke modules.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.02	CVE-2014-3934
11	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
12	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00104	0.06	CVE-2022-30209
13	VMware Workspace ONE Access Fraca autenticação	9.8	9.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.70435	0.00	CVE-2022-31656
14	VMware Workspace ONE Access/Identity Manager URL direitos alargados	7.4	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00160	0.00	CVE-2022-31657
15	VMware Workspace ONE Access JDBC direitos alargados	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00222	0.00	CVE-2022-31665
16	Microsoft .NET Core Remote Code Execution	8.1	7.1	$25k-$100k	$0-$5k	Unproven	Official Fix	0.08067	0.05	CVE-2021-26701
17	Sitecore Rocks Plugin Service direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00326	0.00	CVE-2019-12440
18	sudo sudoers_policy_main Excesso de tampão	8.3	8.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.97051	0.00	CVE-2021-3156
19	Hikvision DS-2CD7153-E Fraca autenticação	8.5	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.53976	0.04	CVE-2013-4976
20	Micro Focus GroupWise Administration Console direitos alargados	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00393	0.00	CVE-2018-12468

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Actor	Identified	Tipo	Aceitação
1	146.0.72.180	Finteam	22/12/2020	verified	Alto
2	XXX.XX.XXX.XXX	Xxxxxxx	22/12/2020	verified	Alto
3	XXX.XXX.XX.X	Xxxxxxx	12/02/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/cgi-bin/user/Config.cgi	predictive	Alto
2	File	/cgi-sys/FormMail-clone.cgi	predictive	Alto
3	File	account.php	predictive	Médio
4	File	apply.cgi	predictive	Médio
5	File	article.php	predictive	Médio
6	File	cart.php	predictive	Médio
7	File	catalog.asp	predictive	Médio
8	File	category.php	predictive	Médio
9	File	cgi-bin/reorder2.asp	predictive	Alto
10	File	xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx_xxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxx.xxx	predictive	Médio
14	File	xxxxxx.xxx	predictive	Médio
15	File	xxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx	predictive	Alto
17	File	xxxxx.xxx	predictive	Médio
18	File	xxxxx.xxx	predictive	Médio
19	File	xxxx.xxx	predictive	Médio
20	File	xxxx.xxx	predictive	Médio
21	File	xxxxxxx.xxx	predictive	Médio
22	File	xxxxxxxxxxxx.xxx	predictive	Alto
23	File	xxxxxxx.xxx	predictive	Médio
24	File	xxxxxxxx.xxx	predictive	Médio
25	File	xxxxxxx_xxxxxxx.xxx	predictive	Alto
26	File	xxxxxx.xxx	predictive	Médio
27	File	xxxxxxx.xxx	predictive	Médio
28	File	xxxxxx.xxx	predictive	Médio
29	File	xxxxxx.xxx	predictive	Médio
30	File	xxxx.xxx	predictive	Médio
31	File	xxxx.xxx	predictive	Médio
32	File	xxxx.xxx	predictive	Médio
33	File	xxxxxxxxxxxxx.xxx	predictive	Alto
34	File	xxxxxxxx.xxxx	predictive	Alto
35	File	xxxxx_xxxxxx_xxxxxx.xxx	predictive	Alto
36	File	xxxx_xxxx.xxx	predictive	Alto
37	File	xxxxxxxxxx.xxx	predictive	Alto
38	Argument	xxx	predictive	Baixo
39	Argument	xxxxxxx	predictive	Baixo
40	Argument	xxxxxxxxxx	predictive	Médio
41	Argument	xxxxxxxxxx	predictive	Médio
42	Argument	xxxxxxxx_xx	predictive	Médio
43	Argument	xxxxx	predictive	Baixo
44	Argument	xxx_xx	predictive	Baixo
45	Argument	xxx	predictive	Baixo
46	Argument	xxxxxxx	predictive	Baixo
47	Argument	xxxxxxx	predictive	Baixo
48	Argument	xx	predictive	Baixo
49	Argument	xxxxxxxxx	predictive	Médio
50	Argument	xxxx_xx[]	predictive	Médio
51	Argument	xxxx_xxxx	predictive	Médio
52	Argument	xxx	predictive	Baixo
53	Argument	xxxxxx_xx	predictive	Médio
54	Argument	xxxxxxx	predictive	Baixo
55	Argument	xxxx	predictive	Baixo
56	Argument	xxxx_xx	predictive	Baixo
57	Argument	xxxx_xx/xxxxxx	predictive	Alto
58	Argument	xxxxxx	predictive	Baixo
59	Argument	xxxxxx	predictive	Baixo
60	Argument	xxxxxxx_xx	predictive	Médio
61	Argument	x_xx	predictive	Baixo
62	Argument	xxx_xxx	predictive	Baixo
63	Argument	xxxxxx	predictive	Baixo
64	Argument	xxxxxx[]	predictive	Médio
65	Argument	xxxx/xxxxx/xxxx	predictive	Alto
66	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!