Finteam Analysis

IOB - Indicator of Behavior (67)

Language

en: 52
fr: 8
de: 4
it: 4

Product

VMware Workspace ONE Access: 4
VMware Identity Manager: 4
FreeBSD: 4
ASP Product Catalog: 2
nicLOR Vibro-School-CMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.02 | CVE-2005-3285 |
| 2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00789 | 0.00 | CVE-2006-1965 |
| 3 | ThinkPHP index.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2018-10225 |
| 4 | PostgreSQL Client information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2022-41862 |
| 5 | PostgreSQL User ID Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.02 | CVE-2023-2455 |
| 6 | PostgreSQL Extension Script SQL injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.03 | CVE-2023-39417 |
| 7 | PostgreSQL MERGE unknown vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.02 | CVE-2023-39418 |
| 8 | WALLIX Bastion Network Access Administration Web Interface information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-46319 |
| 9 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.90080 | 0.07 | CVE-2023-20198 |
| 10 | PHP-Nuke modules.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2014-3934 |
| 11 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00125 | 0.02 | CVE-2022-37969 |
| 12 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00104 | 0.04 | CVE-2022-30209 |
| 13 | VMware Workspace ONE Access weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.70435 | 0.00 | CVE-2022-31656 |
| 14 | VMware Workspace ONE Access/Identity Manager URL privilege escalation | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-31657 |
| 15 | VMware Workspace ONE Access JDBC privilege escalation | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2022-31665 |
| 16 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08067 | 0.05 | CVE-2021-26701 |
| 17 | Sitecore Rocks Plugin Service privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.00 | CVE-2019-12440 |
| 18 | sudo sudoers_policy_main memory corruption | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.97051 | 0.00 | CVE-2021-3156 |
| 19 | Hikvision DS-2CD7153-E weak authentication | 8.5 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53976 | 0.04 | CVE-2013-4976 |
| 20 | Micro Focus GroupWise Administration Console privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.00 | CVE-2018-12468 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

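| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 146.0.72.180 | | Finteam | | 22/12/2020 | verified | High |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 22/12/2020 | verified | High |
| 3 | XXX.XXX.XX.XX | | Xxxxxxx | | 12/02/2022 | verified | High |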

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
