2023-01-13 23:50:29 +01:00

Finland Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Finland Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.finland_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Finland Unknown:

There are 12 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Finland Unknown.


There are 1430 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Finland Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 22 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Finland Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.