Zebra2104 Analysis

IOB - Indicator of Behavior (155)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 142
fr: 6
de: 4
ru: 2
ko: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 6
Linux Kernel: 6
Microsoft Windows: 6
Kunbus PR100088 Modbus Gateway: 4
Microsoft Exchange Server: 4


Vulnerabilities

| # | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel netpoll_owner_active race condition | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2024-41005 |
| 2 | Elastic Cloud Enterprise API Key improper authorization | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-37282 |
| 3 | DumpTS DumpTS.cpp VerifyCommandLine null pointer dereference | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-39132 |
| 4 | Linux Kernel Virtual Interrupt injection | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | CVE-2024-25742 |
| 5 | Microsoft Windows Virtual Machine Bus untrusted pointer dereference | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.06 | CVE-2024-26254 |
| 6 | Scimone Ignazio Prenotazioni Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31102 |
| 7 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql sensitive information in source | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2355 |
| 8 | Mozilla Thunderbird Encrypted Subject information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-1936 |
| 9 | LG Signage TV webOS code injection | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-1885 |
| 10 | Linux Kernel vgic-its vgic_its_check_cache use after free | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.05 | CVE-2024-26598 |
| 11 | Huawei HarmonyOS/EMUI Audio Module denial of service | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-52358 |
| 12 | Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-0007 |
| 13 | Kunbus PR100088 Modbus Gateway Web Interface missing authentication | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.00 | CVE-2019-6533 |
| 14 | gsi-openssh-server sshd_config credentials management | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.05 | CVE-2019-7639 |
| 15 | Fortinet FortiOS SSH format string | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352 |
| 16 | Kunbus PR100088 Modbus Gateway improper authentication | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2019-6527 |
| 17 | Kunbus PR100088 Modbus Gateway FTP Service input validation | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00075 | 0.05 | CVE-2019-6529 |
| 18 | Microsoft Exchange Server Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04064 | 0.04 | CVE-2021-28481 |
| 19 | Microsoft Exchange Server Privilege Escalation | 9.0 | 7.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00333 | 0.00 | CVE-2021-28483 |
| 20 | TripleCross Control Command memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35505 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 87.120.37.119 | | Zebra2104 | | 02/22/2022 | verified | Medium |
| 2 | XX.XXX.XX.XXX | | Xxxxxxxxx | | 02/22/2022 | verified | Medium |
| 3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 02/22/2022 | verified | Medium |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/gsissh/sshd_config | predictive | High |
| 2 | File | /includes/lib/tree.php | predictive | High |
| 3 | File | /objects/getImage.php | predictive | High |
| 4 | File | /secret_coder.sql | predictive | High |
| 5 | File | /services/details.asp | predictive | High |
| 6 | File | /src/DumpTS.cpp | predictive | High |
| 7 | File | /xxxxxxx/ | predictive | Medium |
| 8 | File | xxxxx/xxxxxxxxx_xxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxx/xxxxx | predictive | Medium |
| 11 | File | xxxxxx/xxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxx/xxx.xxx | predictive | High |
| 13 | File | xxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 15 | File | xxxxxx.xxx | predictive | Medium |
| 16 | File | xxxx/xxxxxxx/xxxx_xxx.xx | predictive | High |
| 17 | File | xx/xxxxxxx/xxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 18 | File | xxxxxxxx_xxxx.xxxx | predictive | High |
| 19 | File | xxxxxx/xxx/xxxxxxx.xxx | predictive | High |
| 20 | File | xxxx/xxxxxxxxxx/xxxx/xxx/xxxxxx-xxx-xxxxxxxx.x | predictive | High |
| 21 | File | xx/xxxxx/xxxxxxx.x | predictive | High |
| 22 | File | xxxxx.xxx | predictive | Medium |
| 23 | File | xxxxx.xxx | predictive | Medium |
| 24 | File | xxxxxxxx.xxx | predictive | Medium |
| 25 | File | xxxxxxx.xxx | predictive | Medium |
| 26 | File | xxxxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 28 | File | xxxxxx.xxx | predictive | Medium |
| 29 | File | xxxx/xxxxx.xxx | predictive | High |
| 30 | File | xxxxxxxxx.xxx | predictive | High |
| 31 | File | xxxxxxx-xxxxxx.xxx | predictive | High |
| 32 | Library | xxxxxxxx.xxx | predictive | Medium |
| 33 | Library | xxxxxx.xxx | predictive | Medium |
| 34 | Argument | xxxxxxxxx | predictive | Medium |
| 35 | Argument | xxxx/xxxx | predictive | Medium |
| 36 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 37 | Argument | xxxxxx | predictive | Low |
| 38 | Argument | xxxxxxxxx | predictive | Medium |
| 39 | Argument | xxxxx xxxxxxx xx xxxxxxx xxxxxxxxxxxx xx xxxx xxxxxxxxxx | predictive | High |
| 40 | Argument | xxxxxxxx | predictive | Medium |
| 41 | Argument | xxxx_xxxxx | predictive | Medium |
| 42 | Argument | xxxxxxx | predictive | Low |
| 43 | Argument | xxxxxx | predictive | Low |
| 44 | Argument | xxxxxxx_xx | predictive | Medium |
| 45 | Argument | xxxxxxxxx | predictive | Medium |
| 46 | Argument | xxxxxx | predictive | Low |
| 47 | Argument | xxx | predictive | Low |
| 48 | Argument | xxxxxxxx | predictive | Medium |
| 49 | Argument | xxxxx | predictive | Low |
| 50 | Argument | _xxx_xxxxxxx_xxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxx_xxxx | predictive | High |
| 51 | Network Port | xxx/xxxx | predictive | Medium |
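The practical use of the IOC and IOA entries above is a log sweep: flag requests whose client address matches a listed IP, or whose request path contains one of the listed file fragments. The following is an added example written for this page; it is not VulDB's code and has nothing to do with any tooling attributed to Zebra2104. It uses only the unmasked entries visible on the page (one IP, six file paths), the log lines are constructed, and the path normalization (query-string strip, repeated percent-decoding, so that traversal or encoded variants still hit) is an assumption about how a defender would want the match to behave.

```python
import re
from urllib.parse import unquote

# Indicators copied from the unmasked rows of the IOC and IOA tables on this page.
# The masked Library, Argument and Network Port rows cannot be used and are omitted.
IOC_IPS = {"87.120.37.119"}
IOA_FILES = [
    "/etc/gsissh/sshd_config",
    "/includes/lib/tree.php",
    "/objects/getImage.php",
    "/secret_coder.sql",
    "/services/details.asp",
    "/src/DumpTS.cpp",
]

# Constructed sample access log in combined format (not real traffic).
SAMPLE_LOG = """\
87.120.37.119 - - [22/Feb/2022:10:14:03 +0000] "GET /objects/getImage.php?id=1 HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [22/Feb/2022:10:14:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Feb/2022:10:15:41 +0000] "GET /..%2F..%2Fetc/gsissh/sshd_config HTTP/1.1" 404 0 "-" "python-requests/2.25"
198.51.100.7 - - [22/Feb/2022:10:16:00 +0000] "POST /services/details.asp HTTP/1.1" 500 0 "-" "Mozilla/5.0"
87.120.37.119 - - [22/Feb/2022:10:17:22 +0000] "GET /about HTTP/1.1" 200 1024 "-" "curl/7.68.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_path(path, rounds=3):
    """Drop the query string and percent-decode repeatedly (bounded) so that
    encoded traversal such as /..%2F..%2Fetc/x still contains the fragment /etc/x."""
    p = path.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    return p


def match_record(rec):
    """Return the list of (indicator_class, indicator) hits for one parsed record."""
    hits = []
    if rec["ip"] in IOC_IPS:
        hits.append(("ioc_ip", rec["ip"]))
    path = normalize_path(rec["path"])
    for frag in IOA_FILES:
        if frag in path:
            hits.append(("ioa_file", frag))
    return hits


def scan(log_text):
    """Scan a whole log and return one finding per line that matched any indicator."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_record(rec)
        if hits:
            findings.append({
                "ts": rec["ts"],
                "ip": rec["ip"],
                "path": rec["path"],
                "status": rec["status"],
                "hits": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["path"], f["status"], f["hits"])
```

Substring matching on a normalized path deliberately fires on a 404, as in the third sample line: a probe for a file that does not exist on the host is still evidence of the reconnaissance the IOA list describes, and the status code is carried in the finding so the analyst can separate probes from successful reads.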

References (2)

The following list contains external sources which discuss the actor and the associated activities:
