MidgeDropper Analysis

IOB - Indicator of Behavior (213)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 214


Country

us: 14
cn: 4
es: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 10
Microsoft Windows: 8
Apple iOS: 6
Apple iTunes: 6
Microsoft Edge: 6


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Asus AsusWRT start_apply.htm os command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.05 | CVE-2018-20334
2 | IBM AIX/VIOS qdaemon Command access control | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.05 | CVE-2023-45174
3 | JS7 File Name cross site scripting | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-37272
4 | mabl Plugin permission | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-37951
5 | Apache Tomcat JmxRemoteLifecycleListener access control | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.25115 | 0.04 | CVE-2016-8735
6 | tcpdump L2TP Parser print-l2tp.c memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00611 | 0.00 | CVE-2017-13006
7 | MiCODUS MV720 GPS Tracker POST Parameter authorization | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-33944
8 | Spsoft AppLock Biometric Authentication improper authentication | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.00 | CVE-2022-1959
9 | Linux Kernel io_uring Module io_uring.c io_read out-of-bounds | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2022-1508
10 | rizin Binarygets uninitialized pointer | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2021-4022
11 | CERTCC VINCE URL redirect | 6.2 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2022-25799
12 | F5 BIG-IP LTM Monitor/APM SSO out-of-bounds | 4.1 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.04 | CVE-2022-33968
13 | Qualcomm Snapdragon Auto Clip null pointer dereference | 6.4 | 6.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00145 | 0.00 | CVE-2019-2334
14 | Qualcomm Snapdragon Auto Attach Reject Message infinite loop | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2019-2335
15 | Google Android Qualcomm Component use after free | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2019-2336
16 | Open Forms redirect | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2022-31040
17 | CSL DualCom GPRS CS2300-R SMS Message 7pk security | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00410 | 0.00 | CVE-2015-7288
18 | Google Chrome Vulkan use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00366 | 0.00 | CVE-2022-1477
19 | TBOOT Boot Loader loader.c input validation | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.04 | CVE-2014-5118
20 | Yoo Slider Plugin cross-site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2022-25608

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.225.68.37 | | MidgeDropper | | 10/11/2023 | verified | High
2 | XXX.XXX.XX.XXX | | Xxxxxxxxxxxx | | 10/11/2023 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High
2 | File | /rapi/read_url | predictive | High
3 | File | /start_apply.htm | predictive | High
4 | File | /topic | predictive | Low
5 | File | /uncpath/ | predictive | Medium
6 | File | /upload | predictive | Low
7 | File | admin.php | predictive | Medium
8 | File | admin/graph_trend.php | predictive | High
9 | File | admin/index.php?empty=table | predictive | High
