ioc[.]one - OSINT Cyber Threat Intelligence Database

Mapping FinFisher’s Continuing Proliferation

Tags

country:	Angola Egypt Argentina Bahrain Bangladesh Bosnia And Herzegovina Belgium Venezuela Malaysia Czechia Ethiopia Nigeria Gabon Jordan Indonesia Iraq Israel Italy Kazakhstan Kenya Morocco Saudi Arabia Spain Lebanon Lithuania North Macedonia Mexico Mongolia Oman Paraguay Serbia Slovenia South Africa Suriname Romania Syria Taiwan Turkmenistan United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Account - T1087.003 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Virtual Private Server - T1583.003 Virtual Private Server - T1584.003 Tool - T1588.002 Whois - T1596.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	d86ce4cc-7622-494a-9c12-d955480fdfc4
Fingerprint	8688c3d15ed7a75f
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 15, 2015, midnight
Added to db	April 15, 2023, 1:02 p.m.
Last updated	Nov. 17, 2024, 9:42 p.m.
Headline	Pay No Attention to the Server Behind the Proxy Mapping FinFisher’s Continuing Proliferation
Title	Mapping FinFisher’s Continuing Proliferation
Detected Hints/Tags/Attributes	176/3/309

Source URLs

	Redirection	Url
Details	Redirection	https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation
Details	Source	https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/
Details	Redirection	https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/

URL Provider

Details	Provider	Source level domain
Details	citizenlab.ca	citizenlab.ca
Details	citizenlab.org	citizenlab.org

Attributes

Details	Type	#Events	Value
Details	Domain	454	www.google.com
Details	Domain	46	www.yahoo.com
Details	Domain	1	206.190.159.xxx
Details	Domain	1	112.78.143.xxx
Details	Domain	1	106.xxx
Details	Domain	11	libero.it
Details	Domain	1	93.146.250.xxx
Details	Domain	1	time.mk
Details	Domain	2	pchome.com.tw
Details	Domain	2	filehippo.com
Details	Domain	1	google.wwwhost.biz
Details	Domain	1	info.dynamic-dns.net
Details	Domain	4	update.ciscofreak.com
Details	Domain	1	no-ip.net
Details	Domain	3	uae.kim
Details	Domain	1	ddns.me
Details	Domain	5	test.cable-modem.org
Details	Domain	3	googlecombq6xx.ddns.net
Details	Domain	3	tvnew.otzo.com
Details	Domain	3	google.com.r3irv2ykn0qnd7vr7sqv7kg2qho3ab5tngl5avxi5iimz1jxw9pa9.uae.kim
Details	Domain	1	workingulf.net
Details	Domain	1	50.31.252.xxx
Details	Domain	1	95.170.82.xxx
Details	Domain	1	62.114.252.xxx
Details	Domain	1	wp.piedslibres.com
Details	Domain	3	pal4u.net
Details	Domain	2	pal2me.net
Details	Domain	1	shop8d.net
Details	Domain	1	news-youm7.com
Details	Domain	1	videos.news-youm7.com
Details	Domain	1	228.65.xxx
Details	Domain	1	37.139.27.xxx
Details	Domain	1	to70.org
Details	Domain	1	oman0.net
Details	Domain	1	www.finfisher.com
Details	Domain	1	bahrainwatch.org
Details	Domain	15	www.wired.co.uk
Details	Domain	45	www.eff.org
Details	Domain	67	citizenlab.ca
Details	Domain	10	community.rapid7.com
Details	Domain	35	wikileaks.org
Details	Domain	2	zmap.io
Details	Domain	1	espanol.yahoo.com
Details	Domain	2	maktoob.yahoo.com
Details	Domain	4127	github.com
Details	Domain	2	2014.hack.lu
Details	Domain	113	www.usenix.org
Details	Domain	1	www.dgfi.gov
Details	Domain	21	www.state.gov
Details	Domain	1	www.police.ac.be
Details	Domain	1373	twitter.com
Details	Domain	58	www.shodan.io
Details	Domain	1	www.bia.gov.rs
Details	Domain	1	ceas-serbia.org
Details	Domain	1	www.infobalkans.com
Details	Domain	1	labs.rs
Details	Domain	18	www.hrw.org
Details	Domain	2	www.privacyinternational.org
Details	Domain	1	news.detik.com
Details	Domain	151	www.bbc.com
Details	Domain	1	www.general-security.gov.lb
Details	Domain	1	www.isf.gov.lb
Details	Domain	7	www.ohchr.org
Details	Domain	3	privacyinternational.org
Details	Domain	184	www.fireeye.com
Details	Domain	1	youm7.news-youm7.com
Details	Domain	675	www.linkedin.com
Details	Domain	3	surveillance.rsf.org
Details	Domain	1	41.63.169.xxx
Details	Domain	1	176.67.169.xxx
Details	Domain	1	81.246.44.xxx
Details	Domain	1	78.46.172.xxx
Details	Domain	1	80.65.75.xxx
Details	Domain	1	180.235.133.xxx
Details	Domain	1	80.95.253.xxx
Details	Domain	1	197.156.66.xxx
Details	Domain	1	197.231.66.xxx
Details	Domain	1	118.97.103.xxx
Details	Domain	1	182.253.201.xxx
Details	Domain	1	50.31.240.xxx
Details	Domain	1	50.31.255.xxx
Details	Domain	1	103.28.56.xxx
Details	Domain	1	46.23.72.xxx
Details	Domain	1	83.170.112.xxx
Details	Domain	1	206.217.196.xxx
Details	Domain	1	202.182.52.xxx
Details	Domain	1	216.119.149.xxx
Details	Domain	1	103.28.57.xxx
Details	Domain	1	182.54.232.xxx
Details	Domain	1	180.250.74.xxx
Details	Domain	1	158.255.208.xxx
Details	Domain	1	109.123.112.xxx
Details	Domain	1	185.19.192.xxx
Details	Domain	1	178.208.76.xxx
Details	Domain	1	46.23.73.xxx
Details	Domain	1	197.254.122.xxx
Details	Domain	1	212.98.139.xxx
Details	Domain	1	77.42.156.xxx
Details	Domain	1	77.28.101.xxx
Details	Domain	1	77.28.102.xxx
Details	Domain	1	79.125.161.xxx
Details	Domain	1	213.136.89.xxx
Details	Domain	1	211.25.14.xxx
Details	Domain	1	93.104.212.xxx
Details	Domain	1	118.101.145.xxx
Details	Domain	1	201.122.183.xxx
Details	Domain	1	31.192.226.xxx
Details	Domain	1	103.230.82.xxx
Details	Domain	1	176.67.168.xxx
Details	Domain	1	109.123.86.xxx
Details	Domain	1	176.67.172.xxx
Details	Domain	1	37.123.115.xxx
Details	Domain	1	41.242.50.xxx
Details	Domain	1	204.14.42.xxx
Details	Domain	1	85.154.222.xxx
Details	Domain	1	146.185.163.xxx
Details	Domain	1	190.128.172.xxx
Details	Domain	1	158.255.215.xxx
Details	Domain	1	95.76.221.xxx
Details	Domain	1	62.149.86.xxx
Details	Domain	1	77.31.27.xxx
Details	Domain	1	37.107.117.xxx
Details	Domain	1	90.15.xxx
Details	Domain	1	89.48.xxx
Details	Domain	1	95.218.27.xxx
Details	Domain	1	195.178.51.xxx
Details	Domain	1	21.xxx
Details	Domain	1	105.224.57.xxx
Details	Domain	1	105.228.145.xxx
Details	Domain	1	192.96.200.xxx
Details	Domain	1	79.144.61.xxx
Details	Domain	1	41.215.240.xxx
Details	Domain	1	62.87.109.xxx
Details	Domain	1	209.59.205.xxx
Details	Domain	1	209.59.213.xxx
Details	Domain	1	212.166.246.xxx
Details	Domain	1	47.60.110.xxx
Details	Domain	1	190.14.38.xxx
Details	Domain	1	123.51.216.xxx
Details	Domain	1	212.156.217.xxx
Details	Domain	1	217.174.229.xxx
Details	Domain	1	217.174.226.xxx
Details	Domain	1	151.236.13.xxx
Details	Domain	1	62.153.225.xxx
Details	Domain	1	158.255.212.xxx
Details	Domain	1	80.156.28.xxx
Details	Domain	1	151.236.23.xxx
Details	Domain	1	106.186.24.xxx
Details	Domain	1	117.102.124.xxx
Details	Domain	2	148.xxx
Details	Domain	1	185.15.245.xxx
Details	Domain	1	37.17.173.xxx
Details	Domain	1	95.170.88.xxx
Details	Domain	1	89.46.101.xxx
Details	Domain	1	194.58.97.xxx
Details	Domain	1	116.251.208.xxx
Details	Domain	1	212.71.232.xxx
Details	Domain	1	209.208.108.xxx
Details	Domain	1	198.105.122.xxx
Details	Domain	1	162.220.246.xxx
Details	Domain	1	188.122.76.xxx
Details	Domain	1	190.97.165.xxx
Details	Domain	1	116.251.223.xxx
Details	Domain	1	192.64.11.xxx
Details	Domain	1	182.54.233.xxx
Details	Domain	1	103.246.249.xxx
Details	Domain	1	117.121.243.xxx
Details	Domain	1	192.99.151.xxx
Details	Domain	1	173.255.143.xxx
Details	Domain	1	179.43.160.xxx
Details	Domain	1	175.139.238.xxx
Details	Domain	1	131.72.138.xxx
Details	Domain	1	185.11.146.xxx
Details	Domain	1	105.228.147.xxx
Details	File	1	egyptian_army.rar
Details	File	6	test.cab
Details	File	3	dfserv.exe
Details	File	1	5671264.html
Details	File	816	index.html
Details	File	1	10-specifications.doc
Details	File	2	289_gamma-201110-finspy.pdf
Details	File	13	0.txt
Details	File	1	customers.html
Details	File	11	4.pdf
Details	File	2	sec14-paper-marczak.pdf
Details	File	1205	index.php
Details	File	109	index.htm
Details	File	1	menu_58.htm
Details	File	1	zakon-o-bia.html
Details	File	1	human-rights-in-serbia-2013.pdf
Details	File	1	ceas_plan_-_total_makeover.pdf
Details	File	1	human-rights-in-serbia-2014.pdf
Details	File	384	www.inf
Details	File	1	ceas_analysis_of_the_law_on_amendments_of_the_law_on_the_security_intelligence_agency.pdf
Details	File	1	upr_egypt.pdf
Details	File	1	5109873_-os-kenya-kenyan-intelligence-service-changes-name-boosts.html
Details	File	3	resources.php
Details	File	1	historical-overview.aspx
Details	File	1	functions.aspx
Details	File	1	sub1.aspx
Details	File	1	lebanon_upr_23rd_session_joint_stakeholder_submission_0.pdf
Details	File	1	isf-hist-en.pdf
Details	File	1	acodeofconducttohelpprotecthrlebanon.aspx
Details	File	1	220575.pdf
Details	File	1	moroccan_website_mamfakinch_targeted_by_government_grade_spyware_from_hacking_team_.html
Details	File	4	cyberattack_against_israeli_and_palestinian_targets.pdf
Details	File	1	molerats-here-for-spring.html
Details	File	2	jack.js
Details	File	1	acrobat-reader.rar
Details	Github username	3	hackedteam
Details	Github username	5	citizenlab
Details	Github username	1	finfisher
Details	md5	1	64c1ef8e0923bf44aaa96caeb28a6c11
Details	md5	2	57ab5f60198d311226cdc246598729ea
Details	sha1	1	0a92297ff1cb52112be0a6ee6b8d398cf001ed1e
Details	IPv4	1	200.74.241.111
Details	IPv4	4	192.161.48.59
Details	IPv4	4	162.220.246.117
Details	IPv4	1	198.105.125.158
Details	IPv4	1	23.229.3.37
Details	IPv4	3	131.72.136.28
Details	IPv4	3	172.227.95.162
Details	IPv4	1	195.178.51.251
Details	Url	5	https://www.yahoo.com
Details	Url	1	http://workingulf.net/dfserv.exe
Details	Url	1	http://wp.piedslibres.com/wp/wp-includes/js/next.scr
Details	Url	1	http://videos.news-youm7.com/youm7/videos/5671264.html
Details	Url	1	https://www.finfisher.com/finfisher/index.html
Details	Url	1	https://bahrainwatch.org/blog/2014/08/07/uk-spyware-used-to-hack-bahrain-lawyers-activists
Details	Url	1	http://www.wired.co.uk/news/archive/2014-02/17/illegal-spying-ethiopian-refugee
Details	Url	2	https://www.eff.org/cases/kidane-v-ethiopia
Details	Url	3	https://citizenlab.ca/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed
Details	Url	2	https://citizenlab.ca/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile
Details	Url	1	https://citizenlab.ca/2013/03/you-only-click-twice-finfishers-global-proliferation-2
Details	Url	1	https://citizenlab.ca/2013/04/for-their-eyes-only-2
Details	Url	1	https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
Details	Url	1	https://wikileaks.org/spyfiles4/documents/finspy-3.10-specifications.doc
Details	Url	1	https://wikileaks.org/spyfiles/files/0/289_gamma-201110-finspy.pdf
Details	Url	2	https://zmap.io
Details	Url	1	https://github.com/hackedteam/rcs-collector/commit/0a92297ff1cb52112be0a6ee6b8d398cf001ed1e
Details	Url	2	https://citizenlab.ca/2014/02/mapping-hacking-teams-untraceable-spyware
Details	Url	1	https://github.com/citizenlab/spyware-scan/blob/master/ff/fingerprint-2.0.txt
Details	Url	1	https://github.com/citizenlab/spyware-scan/blob/master/ff/fingerprint-3.0.txt
Details	Url	1	https://github.com/citizenlab/spyware-scan/blob/master/ff/fingerprint-4.0.txt
Details	Url	1	https://wikileaks.org/spyfiles4/customers.html
Details	Url	1	http://2014.hack.lu/archive/2014/inside_spying_v1.4.pdf
Details	Url	2	https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-marczak.pdf
Details	Url	1	https://citizenlab.ca/2014/02/hacking-teams-us-nexus
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/547657
Details	Url	1	http://www.dgfi.gov.bd/index.php/about
Details	Url	1	https://www.hrw.org/report/2009/05/18/ignoring-executions-and-torture/impunity-bangladeshs-security-forces
Details	Url	1	http://www.state.gov/j/drl/rls/hrrpt/2013humanrightsreport/index.htm?year=2013&dlid=220388
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/17309
Details	Url	1	http://www.police.ac.be/menu_58.htm
Details	Url	1	https://twitter.com/wikileaks/status/620025057650319360/photo/1
Details	Url	1	https://www.shodan.io/host/195.178.51.251
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/765057
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/761837
Details	Url	1	http://www.bia.gov.rs/eng/o-agenciji/zakon-o-bia.html
Details	Url	1	http://www.bgcentar.org.rs/bgcentar/eng-lat/wp-content/uploads/2014/04/human-rights-in-serbia-2013.pdf
Details	Url	1	http://ceas-serbia.org/root/images/ceas_plan_-_total_makeover.pdf
Details	Url	1	http://www.bgcentar.org.rs/bgcentar/eng-lat/wp-content/uploads/2015/03/human-rights-in-serbia-2014.pdf
Details	Url	1	http://www.infobalkans.com/2014/06/25/serbian-government-adopts-amendments-bia-law
Details	Url	1	http://ceas-serbia.org/root/images/ceas_analysis_of_the_law_on_amendments_of_the_law_on_the_security_intelligence_agency.pdf
Details	Url	1	http://labs.rs/en/hacking-team-the-italian-job-of-serbian-security-services
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/1081335
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/1030236
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/14684
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/602607
Details	Url	1	https://www.hrw.org/world-report/2015/country-chapters/egypt
Details	Url	1	https://www.privacyinternational.org/sites/default/files/upr_egypt.pdf
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/565854
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/575806
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/601732
Details	Url	1	http://news.detik.com/wawancara/2212177/lembaga-sandi-negara-hi-tech-dan-misterius
Details	Url	1	http://www.theguardian.com/world/2015/mar/11/indonesian-jihadis-could-be-galvanised-return-isis-fighters-analyst
Details	Url	1	https://citizenlab.ca/2013/10/igf-2013-exploring-communications-surveillance-indonesia
Details	Url	1	https://wikileaks.org/gifiles/docs/51/5109873_-os-kenya-kenyan-intelligence-service-changes-name-boosts.html
Details	Url	1	http://www.standardmedia.co.ke/article/2000059031/nsis-and-police-boost-kenya-s-spy-networks?articleid=2000059031&story_title=nsis
Details	Url	1	https://www.hrw.org/world-report/2015/country-chapters/kenya
Details	Url	1	http://www.bloomberg.com/news/articles/2014-12-11/kenya-mps-debate-tough-security-laws-criticized-by-opposition
Details	Url	1	http://www.bbc.com/news/world-africa-30592083
Details	Url	1	https://www.fidh.org/international-federation-for-human-rights/africa/kenya/16696-kenya-the-security-laws-amendment-act-must-be-repealed
Details	Url	1	https://www.hrw.org/news/2014/12/13/kenya-security-bill-tramples-basic-rights
Details	Url	1	https://www.article19.org/resources.php/resource/37800/en/kenya
Details	Url	1	https://www.article19.org/resources.php/resource/37866/en/kenya
Details	Url	1	http://www.general-security.gov.lb/about-gs/historical-overview.aspx
Details	Url	1	http://www.general-security.gov.lb/about-gs/functions.aspx
Details	Url	1	http://www.general-security.gov.lb/about-gs/sub1.aspx
Details	Url	1	https://www.privacyinternational.org/node/586
Details	Url	1	https://www.privacyinternational.org/sites/default/files/lebanon_upr_23rd_session_joint_stakeholder_submission_0.pdf
Details	Url	1	http://www.isf.gov.lb/arabic/download/isf-hist-en.pdf
Details	Url	1	http://www.ohchr.org/en/newsevents/pages/acodeofconducttohelpprotecthrlebanon.aspx
Details	Url	1	https://www.hrw.org/report/2013/06/26/its-part-job/ill-treatment-and-torture-vulnerable-groups-lebanese-police-stations
Details	Url	1	https://www.hrw.org/news/2015/06/26/lebanon-monitor-detention-combat-torture
Details	Url	1	http://www.state.gov/documents/organization/220575.pdf
Details	Url	1	https://www.eff.org/deeplinks/2012/12/lebanese-security-agency-user-data-request-sparks-controversy
Details	Url	1	http://www.mpt.gov.lb/index.php/en/about-mpt-2/mpt-in-press/118-the-ministry-of-communications-will-not-implement-any-data-request-if-it-touched-the-freedoms-of-the-lebanese-and-represented-an-assault-on-their-privacy
Details	Url	1	http://www.slate.com/blogs/future_tense/2012/08/20/moroccan_website_mamfakinch_targeted_by_government_grade_spyware_from_hacking_team_.html
Details	Url	1	https://privacyinternational.org/?q=node
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/594340
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/590093
Details	Url	2	http://cyber-peace.org/wp-content/uploads/2014/01/cyberattack_against_israeli_and_palestinian_targets.pdf
Details	Url	1	https://www.fireeye.com/blog/threat-research/2014/06/molerats-here-for-spring.html
Details	Url	1	https://github.com/finfisher/finfly-web/blob/master/static_v2/jack.js
Details	Url	1	http://youm7.news-youm7.com/youm7/videos/acrobat-reader.rar
Details	Url	1	https://www.linkedin.com/in/warith1977
Details	Url	1	https://wikileaks.org/hackingteam/emails/emailid/601907
Details	Url	1	https://surveillance.rsf.org/en/gamma-international