Zebra2104 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	138
de	10
ru	2
ar	2

Country

cf	52
us	16
de	8
cn	8
ar	2

Actors

Zebra2104	2
Cobalt Strike	2
BazarBackdoor	2
RedLine Stealer	2
xHunt	1

Activities

Interest

Timeline

Type

Not Defined	70
Content Management System	10
Operating System	8
Groupware Software	6
SCADA Software	6

Vendor

Not Defined	40
Microsoft	14
Apple	8
Adobe	6
Fortinet	4

Product

Microsoft Windows	6
GitLab Enterprise Edition	4
Microsoft Exchange Server	4
TCP Wrappers Trojan	2
Microsoft SharePoint Server	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Microsoft Windows Virtual Machine Bus untrusted pointer dereference	7.5	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.06	0.00043	CVE-2024-26254
2	Scimone Ignazio Prenotazioni Plugin cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00043	CVE-2024-31102
3	keerti1924 Secret-Coder-PHP-Project secret_coder.sql sensitive information in source	3.7	3.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00045	CVE-2024-2355
4	Mozilla Thunderbird Encrypted Subject information disclosure	3.1	3.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2024-1936
5	LG Signage TV webOS code injection	6.8	6.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.08	0.00043	CVE-2024-1885
6	Linux Kernel vgic-its vgic_its_check_cache use after free	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2024-26598
7	Huawei HarmonyOS/EMUI Audio Module denial of service	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00043	CVE-2023-52358
8	Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross site scripting	4.6	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00043	CVE-2024-0007
9	Kunbus PR100088 Modbus Gateway Web Interface missing authentication	9.1	8.7	$0-$5k	Calculating	Not Defined	Official Fix	0.02	0.00162	CVE-2019-6533
10	gsi-openssh-server sshd_config credentials management	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00185	CVE-2019-7639
11	Fortinet FortiOS SSH format string	8.5	8.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00222	CVE-2018-1352
12	Kunbus PR100088 Modbus Gateway improper authentication	8.8	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00209	CVE-2019-6527
13	Kunbus PR100088 Modbus Gateway FTP Service input validation	4.9	4.7	$0-$5k	Calculating	Not Defined	Official Fix	0.02	0.00075	CVE-2019-6529
14	Microsoft Exchange Server Remote Code Execution	9.8	8.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.04447	CVE-2021-28481
15	Microsoft Exchange Server Privilege Escalation	9.0	7.8	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.00286	CVE-2021-28483
16	TripleCross Control Command memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00072	CVE-2022-35505
17	WP Contact Slider Plugin Text to Display Settings cross site scripting	3.6	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00058	CVE-2022-1301
18	Apache Tika Incomplete Fix StandardsExtractingContentHandler incorrect regex	3.4	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00076	CVE-2022-33879
19	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k and more	$5k-$25k	Unproven	Official Fix	0.00	0.47432	CVE-2022-21971
20	TP-LINK TL-WR840N/TL-WR841N Session session fixiation	8.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.03	0.30057	CVE-2018-11714

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Identified	Type	Confidence
1	87.120.37.119	Zebra2104	02/22/2022	verified	High
2	XX.XXX.XX.XXX	Xxxxxxxxx	02/22/2022	verified	High
3	XX.XX.XXX.XXX	Xxxxxxxxx	02/22/2022	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	High
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
4	T1059	CWE-88, CWE-94	Argument Injection	predictive	High
5	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
13	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
15	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
16	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/gsissh/sshd_config	predictive	High
2	File	/includes/lib/tree.php	predictive	High
3	File	/objects/getImage.php	predictive	High
4	File	/secret_coder.sql	predictive	High
5	File	/services/details.asp	predictive	High
6	File	/uncpath/	predictive	Medium
7	File	xxxxx/xxxxxxxxx_xxxxxx.xxx	predictive	High
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxx/xxxxx	predictive	Medium
10	File	xxxxxx/xxxxxxxxx.xxx	predictive	High
11	File	xxxxxx/xxx.xxx	predictive	High
12	File	xxxxxxxxx.xxx	predictive	High
13	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
14	File	xxxxxx.xxx	predictive	Medium
15	File	xxxx/xxxxxxx/xxxx_xxx.xx	predictive	High
16	File	xx/xxxxxxx/xxxxxxx/xxxxxxxxxxxxxxx.xxxx	predictive	High
17	File	xxxxxxxx_xxxx.xxxx	predictive	High
18	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	High
19	File	xxxx/xxxxxxxxxx/xxxx/xxx/xxxxxx-xxx-xxxxxxxx.x	predictive	High
20	File	xx/xxxxx/xxxxxxx.x	predictive	High
21	File	xxxxx.xxx	predictive	Medium
22	File	xxxxx.xxx	predictive	Medium
23	File	xxxxxxxx.xxx	predictive	Medium
24	File	xxxxxxx.xxx	predictive	Medium
25	File	xxxxxxxx.xxx	predictive	Medium
26	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
27	File	xxxxxx.xxx	predictive	Medium
28	File	xxxx/xxxxx.xxx	predictive	High
29	File	xxxxxxxxx.xxx	predictive	High
30	File	xxxxxxx-xxxxxx.xxx	predictive	High
31	Library	xxxxxxxx.xxx	predictive	Medium
32	Library	xxxxxx.xxx	predictive	Medium
33	Argument	xxxxxxxxx	predictive	Medium
34	Argument	xxxx/xxxx	predictive	Medium
35	Argument	xxxxxxxxxxxx	predictive	Medium
36	Argument	xxxxxx	predictive	Low
37	Argument	xxxxxxxxx	predictive	Medium
38	Argument	xxxxx xxxxxxx xx xxxxxxx xxxxxxxxxxxx xx xxxx xxxxxxxxxx	predictive	High
39	Argument	xxxxxxxx	predictive	Medium
40	Argument	xxxxxxx	predictive	Low
41	Argument	xxxxxx	predictive	Low
42	Argument	xxxxxxx_xx	predictive	Medium
43	Argument	xxxxxxxxx	predictive	Medium
44	Argument	xxxxxx	predictive	Low
45	Argument	xxx	predictive	Low
46	Argument	xxxxxxxx	predictive	Medium
47	Argument	xxxxx	predictive	Low
48	Argument	_xxx_xxxxxxx_xxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxx_xxxx	predictive	High
49	Network Port	xxx/xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!