Zebra2104 Analysis

IOB - Indicator of Behavior (152)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 148
ko: 2
de: 2


Country

cf: 54
cn: 10
us: 10
es: 2
ru: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Huawei HarmonyOS: 6
Google Android: 6
Qualcomm Snapdragon Compute: 4
Qualcomm Snapdragon Consumer IOT: 4
Qualcomm Snapdragon Industrial IOT: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Linux Kernel Virtual Interrupt injection | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2024-25742
2 | Microsoft Windows Virtual Machine Bus untrusted pointer dereference | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.06 | CVE-2024-26254
3 | Scimone Ignazio Prenotazioni Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31102
4 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql sensitive information in source | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2355
5 | Mozilla Thunderbird Encrypted Subject information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-1936
6 | LG Signage TV webOS code injection | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-1885
7 | Linux Kernel vgic-its vgic_its_check_cache use after free | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2024-26598
8 | Huawei HarmonyOS/EMUI Audio Module denial of service | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-52358
9 | Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-0007
10 | Kunbus PR100088 Modbus Gateway Web Interface missing authentication | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.02 | CVE-2019-6533
11 | gsi-openssh-server sshd_config credentials management | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.05 | CVE-2019-7639
12 | Fortinet FortiOS SSH format string | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352
13 | Kunbus PR100088 Modbus Gateway improper authentication | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.02 | CVE-2019-6527
14 | Kunbus PR100088 Modbus Gateway FTP Service input validation | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00075 | 0.02 | CVE-2019-6529
15 | Microsoft Exchange Server Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04064 | 0.04 | CVE-2021-28481
16 | Microsoft Exchange Server Privilege Escalation | 9.0 | 7.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00365 | 0.00 | CVE-2021-28483
17 | TripleCross Control Command memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35505
18 | WP Contact Slider Plugin Text to Display Settings cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2022-1301
19 | Apache Tika Incomplete Fix StandardsExtractingContentHandler incorrect regex | 3.4 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2022-33879
20 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.34266 | 0.05 | CVE-2022-21971

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 87.120.37.119 | | Zebra2104 | | 02/22/2022 | verified | Medium
2 | XX.XXX.XX.XXX | | Xxxxxxxxx | | 02/22/2022 | verified | Medium
3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 02/22/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/gsissh/sshd_config | predictive | High
2 | File | /includes/lib/tree.php | predictive | High
3 | File | /objects/getImage.php | predictive | High
4 | File | /secret_coder.sql | predictive | High
5 | File | /services/details.asp | predictive | High
6 | File | /uncpath/ | predictive | Medium
7 | File | xxxxx/xxxxxxxxx_xxxxxx.xxx | predictive | High
8 | File | xxxxxxx.xxx | predictive | Medium
9 | File | xxx/xxxxx | predictive | Medium
10 | File | xxxxxx/xxxxxxxxx.xxx | predictive | High
11 | File | xxxxxx/xxx.xxx | predictive | High
12 | File | xxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxx/xxxxxxx/xxxx_xxx.xx | predictive | High
16 | File | xx/xxxxxxx/xxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
17 | File | xxxxxxxx_xxxx.xxxx | predictive | High
18 | File | xxxxxx/xxx/xxxxxxx.xxx | predictive | High
19 | File | xxxx/xxxxxxxxxx/xxxx/xxx/xxxxxx-xxx-xxxxxxxx.x | predictive | High
20 | File | xx/xxxxx/xxxxxxx.x | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxx/xxxxx.xxx | predictive | High
29 | File | xxxxxxxxx.xxx | predictive | High
30 | File | xxxxxxx-xxxxxx.xxx | predictive | High
31 | Library | xxxxxxxx.xxx | predictive | Medium
32 | Library | xxxxxx.xxx | predictive | Medium
33 | Argument | xxxxxxxxx | predictive | Medium
34 | Argument | xxxx/xxxx | predictive | Medium
35 | Argument | xxxxxxxxxxxx | predictive | Medium
36 | Argument | xxxxxx | predictive | Low
37 | Argument | xxxxxxxxx | predictive | Medium
38 | Argument | xxxxx xxxxxxx xx xxxxxxx xxxxxxxxxxxx xx xxxx xxxxxxxxxx | predictive | High
39 | Argument | xxxxxxxx | predictive | Medium
40 | Argument | xxxxxxx | predictive | Low
41 | Argument | xxxxxx | predictive | Low
42 | Argument | xxxxxxx_xx | predictive | Medium
43 | Argument | xxxxxxxxx | predictive | Medium
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxx | predictive | Low
48 | Argument | _xxx_xxxxxxx_xxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxx_xxxx | predictive | High
49 | Network Port | xxx/xxxx | predictive | Medium
