Micropsia Analysis

IOB - Indicator of Behavior (253)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 242
zh: 8
ar: 4


Country

us: 130
gb: 112
cn: 8
nl: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 32
Xen: 24
Mozilla Firefox: 14
Palo Alto PAN-OS: 10
Mozilla Firefox ESR: 10


Vulnerabilities

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price; Exp = exploitability; Rem = remediation status; EPSS = EPSS probability; CTI = CTI score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Allegro RomPager memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.04618 | 0.00 | CVE-2014-9223
2 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08510 | 0.00 | CVE-2023-28231
3 | Progress MOVEit Transfer sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2021-38159
4 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.04 | CVE-2022-34721
5 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97449 | 0.00 | CVE-2022-22954
6 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.15 | CVE-2005-3299
7 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.00 | CVE-2020-11023
8 | Xen denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25597
9 | Xen PCI Passthrough backdoor | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25595
10 | Xen Timer Migration race condition | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25604
11 | Xen RCU denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25598
12 | Linux Kernel DAX Huge Page memory corruption | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2020-10757
13 | Linux Kernel VFIO PCI Driver exceptional condition | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00047 | 0.00 | CVE-2020-12888
14 | Linux Kernel af9005.c af9005_identify_state resource consumption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00254 | 0.04 | CVE-2019-18809
15 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01984 | 0.05 | CVE-2023-38181
16 | Microsoft Exchange Server Privilege Escalation | 8.0 | 7.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00056 | 0.04 | CVE-2023-36050
17 | NethServer phonehome index.php get_country_coor sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.08 | CVE-2021-4313
18 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96610 | 0.00 | CVE-2023-4966
19 | Synology DSM iSCSI Management missing authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.00 | CVE-2022-27623
20 | Koha opac-tags_subject.pl sql injection | 8.0 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00360 | 0.00 | CVE-2015-4633

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 192.169.6.59 | nordns.crowncloud.net | Micropsia | - | 07/30/2018 | verified | High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /login/index.php | predictive | High
2 | File | /oauth/idp/.well-known/openid-configuration | predictive | High
3 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High
4 | File | arch/powerpc/kernel/entry_64.S | predictive | High
5 | File | auth2-gss.c | predictive | Medium
6 | File | block/bfq-iosched.c | predictive | High
7 | File | cgi-bin/webcm | predictive | High
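As an added example (not code from the page or from VulDB), the following Python shows how a defender would actually use the IOC and IOA tables above: it takes the one verified IOC (the IP address and hostname) and the unredacted file-path IOA fragments, and runs them over web-server access-log lines. The log lines are constructed for this example and are not from the page; only the IOC address and the path fragments come from the tables. Treating the IOA entries as substring matches on the request path (query string stripped) is an assumption about how "fragments" should be matched, not something the page specifies.

```python
import re

# Indicators copied from the page's IOC and IOA tables (unredacted rows only).
IOC_IPS = {"192.169.6.59"}
IOC_HOSTS = {"nordns.crowncloud.net"}
IOA_PATH_FRAGMENTS = [
    "/login/index.php",
    "/oauth/idp/.well-known/openid-configuration",
    "/wp-content/plugins/updraftplus/admin.php",
    "cgi-bin/webcm",
]

# Constructed sample access-log lines in Apache/Nginx "combined" format.
# These are NOT from the page. Client addresses are documentation ranges,
# except one line that reuses the page's IOC address to show an IOC hit.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [30/Jul/2018:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.169.6.59 - - [30/Jul/2018:10:01:05 +0000] "GET /oauth/idp/.well-known/openid-configuration HTTP/1.1" 200 2048 "-" "curl/7.61.0"
198.51.100.4 - - [30/Jul/2018:10:02:11 +0000] "POST /wp-content/plugins/updraftplus/admin.php?page=updraftplus HTTP/1.1" 403 0 "-" "python-requests/2.19"
198.51.100.9 - - [30/Jul/2018:10:03:40 +0000] "GET /cgi-bin/webcm?getpage=../html/menus/menu2.html HTTP/1.1" 404 0 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""

# Combined log format: client IP, ident, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Match on the path only: the query string is attacker-controlled noise.
    rec["path"] = rec["target"].split("?", 1)[0]
    return rec


def matches_ioc_host(name):
    """True if a DNS name equals an IOC hostname or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in IOC_HOSTS)


def scan_access_log(text):
    """Return one hit per line whose client IP is an IOC or whose path contains an IOA fragment."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines instead of aborting the whole scan
        ioc_ip = rec["ip"] in IOC_IPS
        path = rec["path"].lower()
        ioa = [frag for frag in IOA_PATH_FRAGMENTS if frag.lower() in path]
        if ioc_ip or ioa:
            hits.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["path"],
                "status": int(rec["status"]),
                "ioc_ip": ioc_ip,
                "ioa": ioa,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        tags = (["IOC-IP"] if hit["ioc_ip"] else []) + hit["ioa"]
        print(f'{hit["ts"]} {hit["ip"]} {hit["path"]} {hit["status"]} -> {", ".join(tags)}')
```

Run against the constructed sample it reports three of the five lines: the IOC address requesting the openid-configuration path (both an IOC and an IOA match), a blocked request to the UpdraftPlus admin path, and a 404 on cgi-bin/webcm. Because the IOA entries are predictive path fragments rather than verified indicators, a hit on the path alone is a lead to pivot on (source IP, user agent, status code), not a confirmed compromise; only the IP match carries the "verified" confidence the IOC table assigns.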

References (2)

The following list contains external sources which discuss the actor and the associated activities:
