Micropsia Analysis

IOB - Indicator of Behavior (258)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 250
ar: 4
zh: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 42
Xen: 16
Mozilla Firefox: 14
Mozilla Firefox ESR: 12
Microsoft Windows: 12


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Allegro RomPager memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official fix | | 0.05704 | 0.04 | CVE-2014-9223 |
| 2 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official fix | possible | 0.60410 | 0.00 | CVE-2023-28231 |
| 3 | Progress MOVEit Transfer sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02495 | 0.02 | CVE-2021-38159 |
| 4 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.17753 | 0.02 | CVE-2022-34721 |
| 5 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.94441 | 0.09 | CVE-2022-22954 |
| 6 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.05909 | 0.08 | CVE-2005-3299 |
| 7 | jQuery html cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | High | Official fix | verified | 0.11526 | 0.08 | CVE-2020-11023 |
| 8 | Xen denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00048 | 0.00 | CVE-2020-25597 |
| 9 | Xen PCI Passthrough backdoor | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00055 | 0.00 | CVE-2020-25595 |
| 10 | Xen Timer Migration race condition | 4.7 | 4.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00026 | 0.00 | CVE-2020-25604 |
| 11 | Xen RCU denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00073 | 0.00 | CVE-2020-25598 |
| 12 | Linux Kernel DAX Huge Page memory corruption | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00640 | 0.00 | CVE-2020-10757 |
| 13 | Linux Kernel VFIO PCI Driver exceptional condition | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.00027 | 0.00 | CVE-2020-12888 |
| 14 | Linux Kernel af9005.c af9005_identify_state resource consumption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00091 | 0.00 | CVE-2019-18809 |
| 15 | GibbonEdu Gibbon File Upload resources_addQuick_ajaxProcess.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00289 | 0.03 | CVE-2023-45881 |
| 16 | Porto Plugin porto_ajax_posts file inclusion | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.59970 | 0.00 | CVE-2024-3806 |
| 17 | Fahad Mahmood WP Datepicker Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00152 | 0.00 | CVE-2024-47321 |
| 18 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00202 | 0.08 | CVE-2008-2867 |
| 19 | Check Point Firewall/VPN-1 Topology Request information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Official fix | possible | 0.00000 | 0.02 | |
| 20 | Microsoft Exchange Server privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official fix | expected | 0.84032 | 0.06 | CVE-2023-38181 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 192.169.6.59 | nordns.crowncloud.net | Micropsia | | 07/30/2018 | verified | Very Low |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /login/index.php | predictive | High |
| 2 | File | /modules/Planner/resources_addQuick_ajaxProcess.php | predictive | High |
| 3 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
| 4 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High |
| 5 | File | adclick.php | predictive | Medium |
| 6 | File | arch/powerpc/kernel/entry_64.S | predictive | High |
| 7 | File | auth2-gss.c | predictive | Medium |
| 8 | File | block/bfq-iosched.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
