Finteam Analysis

IOB - Indicator of Behavior (67)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 58
fr: 4
it: 4
de: 2

Country

us: 58
cn: 4
ru: 4

Actors


Activities

Interest

Timeline


Type


Vendor


Product

FreeBSD: 6
PostgreSQL: 4
cPanel: 2
Application Dynamics Cartweaver ColdFusion: 2
Discuz UCenter Home: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Comersus Open Technologies Comersus BackOffice Plus comersus_backoffice_searchitemform.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00224 | 0.02 | CVE-2005-3285
2 | aasi media Net Clubs Pro sendim.cgi cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00789 | 0.00 | CVE-2006-1965
3 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2018-10225
4 | PostgreSQL Client information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2022-41862
5 | PostgreSQL User ID Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.02 | CVE-2023-2455
6 | PostgreSQL Extension Script sql injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.00 | CVE-2023-39417
7 | PostgreSQL MERGE unknown vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.02 | CVE-2023-39418
8 | WALLIX Bastion Network Access Administration Web Interface information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.04 | CVE-2023-46319
9 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87328 | 0.03 | CVE-2023-20198
10 | PHP-Nuke modules.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.02 | CVE-2014-3934
11 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00125 | 0.00 | CVE-2022-37969
12 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00118 | 0.05 | CVE-2022-30209
13 | VMware Workspace ONE Access improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.70435 | 0.00 | CVE-2022-31656
14 | VMware Workspace ONE Access/Identity Manager URL injection | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-31657
15 | VMware Workspace ONE Access JDBC injection | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2022-31665
16 | Microsoft .NET Core Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08067 | 0.05 | CVE-2021-26701
17 | Sitecore Rocks Plugin Service command injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.00 | CVE-2019-12440
18 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.97051 | 0.00 | CVE-2021-3156
19 | Hikvision DS-2CD7153-E improper authentication | 8.5 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53976 | 0.04 | CVE-2013-4976
20 | Micro Focus GroupWise Administration Console unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00393 | 0.00 | CVE-2018-12468

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 146.0.72.180 | | Finteam | | 12/22/2020 | verified | High
2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 12/22/2020 | verified | High
3 | XXX.XXX.XX.XX | | xxxxxx | | 02/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | predictive | High
2 | File | /cgi-sys/FormMail-clone.cgi | predictive | High
3 | File | account.php | predictive | Medium
4 | File | apply.cgi | predictive | Medium
5 | File | article.php | predictive | Medium
6 | File | cart.php | predictive | Medium
7 | File | catalog.asp | predictive | Medium
8 | File | category.php | predictive | Medium
9 | File | cgi-bin/reorder2.asp | predictive | High
10 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxx_xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxx.xxx | predictive | Medium
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxxxxx.xxx | predictive | High
16 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
26 | File | xxxxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxxx.xxx | predictive | Medium
29 | File | xxxxxx.xxx | predictive | Medium
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxx.xxx | predictive | Medium
33 | File | xxxxxxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxx.xxxx | predictive | High
35 | File | xxxxx_xxxxxx_xxxxxx.xxx | predictive | High
36 | File | xxxx_xxxx.xxx | predictive | High
37 | File | xxxxxxxxxx.xxx | predictive | High
38 | Argument | xxx | predictive | Low
39 | Argument | xxxxxxx | predictive | Low
40 | Argument | xxxxxxxxxx | predictive | Medium
41 | Argument | xxxxxxxxxx | predictive | Medium
42 | Argument | xxxxxxxx_xx | predictive | Medium
43 | Argument | xxxxx | predictive | Low
44 | Argument | xxx_xx | predictive | Low
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxxxx | predictive | Low
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xx | predictive | Low
49 | Argument | xxxxxxxxx | predictive | Medium
50 | Argument | xxxx_xx[] | predictive | Medium
51 | Argument | xxxx_xxxx | predictive | Medium
52 | Argument | xxx | predictive | Low
53 | Argument | xxxxxx_xx | predictive | Medium
54 | Argument | xxxxxxx | predictive | Low
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxx_xx/xxxxxx | predictive | High
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xxxxxx | predictive | Low
60 | Argument | xxxxxxx_xx | predictive | Medium
61 | Argument | x_xx | predictive | Low
62 | Argument | xxx_xxx | predictive | Low
63 | Argument | xxxxxx | predictive | Low
64 | Argument | xxxxxx[] | predictive | Medium
65 | Argument | xxxx/xxxxx/xxxx | predictive | High
66 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
