ZeroAccess Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (335)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (29)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (263)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .FBCIndex | predictive | Medium |
2 | File | /.ssh/authorized_keys | predictive | High |
3 | File | /blogengine/api/posts | predictive | High |
4 | File | /cgi-bin/api-get_line_status | predictive | High |
5 | File | /cgi-bin/luci | predictive | High |
6 | File | /cgi-bin/nobody/VerifyCode.cgi | predictive | High |
7 | File | /cgi-bin/upload_vpntar | predictive | High |
8 | File | /cgi-bin/wlogin.cgi | predictive | High |
9 | File | /Content/Template/root/reverse-shell.aspx | predictive | High |
10 | File | /env | predictive | Low |
11 | File | /export | predictive | Low |
12 | File | /forum/away.php | predictive | High |
13 | File | /FreshRSS/p/ext.php | predictive | High |
14 | File | /goform/addressNat | predictive | High |
15 | File | /goform/CertListInfo | predictive | High |
16 | File | /goform/fast_setting_wifi_set | predictive | High |
17 | File | /goform/IPSECsave | predictive | High |
18 | File | /goform/L7Im | predictive | Medium |
19 | File | /goform/NatStaticSetting | predictive | High |
20 | File | /goform/qossetting | predictive | High |
21 | File | /goform/SafeClientFilter | predictive | High |
22 | File | /goform/SafeMacFilter | predictive | High |
23 | File | /goform/SafeUrlFilter | predictive | High |
24 | File | /goform/setMacFilterCfg | predictive | High |
25 | File | /goform/VirtualSer | predictive | High |
26 | File | /h/calendar | predictive | Medium |
27 | File | /hrm/controller/employee.php | predictive | High |
28 | File | /hrm/employeeadd.php | predictive | High |
29 | File | /hrm/employeeview.php | predictive | High |
30 | File | /lib | predictive | Low |
31 | File | /xxxxx/xxxxx.xxx | predictive | High |
32 | File | /xx_xxxx.x | predictive | Medium |
33 | File | /xxxx/xxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
34 | File | /xxxxxxx/xxxxx.xxx | predictive | High |
35 | File | /xxx/xxxx.xxx | predictive | High |
36 | File | /xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
37 | File | /xxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
38 | File | /xxxxx/xxxxxxx-xxx-xxxxxxxxxxx-xxxxxx-xxxx.xxxx | predictive | High |
39 | File | /xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
40 | File | /xxxxx | predictive | Low |
41 | File | /xxxx.xxx | predictive | Medium |
42 | File | /xxxxxxx/ | predictive | Medium |
43 | File | /xxx/xxx/xxxx | predictive | High |
44 | File | /xx/xxx-xxxxxx | predictive | High |
45 | File | /xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
46 | File | /xxxx-xxxxxxxx.xxx | predictive | High |
47 | File | /xx-xxxx/xx/xx/xxxxxxxx | predictive | High |
48 | File | xxxx_xxxxxxxxxxx_xxxx.xxx | predictive | High |
49 | File | xxxxxxx.xxx | predictive | Medium |
50 | File | xxx_xxxx.xxx | predictive | Medium |
51 | File | xxxxx.xxx | predictive | Medium |
52 | File | xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx | predictive | High |
53 | File | xxxxx/xxxxx.xxx | predictive | High |
54 | File | xxxxx/xxxxxx_xxxx.xxx | predictive | High |
55 | File | xxxxx/xxxx-xxxxx.xxx | predictive | High |
56 | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
57 | File | xxxx_xxxxxxxxx.xxx | predictive | High |
58 | File | xxx/xxxxxxxxxxx/xxxxxxxx_xxxxx_xxxxxxxxxx.xx | predictive | High |
59 | File | xxx/xxxxxxxxxx/xxxxxx/xxxxxxxxxx/xxxxxx_xxxxxxxx_xxx_xxxxx_xxxxxxxxx.xx | predictive | High |
60 | File | xxxxxxxx.xxx | predictive | Medium |
61 | File | xxxxxxxxxxxx.xxxx | predictive | High |
62 | File | xxxx.xxx.xxx | predictive | Medium |
63 | File | x/xx/xxxxx/xxxxxxxx.x | predictive | High |
64 | File | xxxxxxxxxx.xxxx | predictive | High |
65 | File | xxxxxx/xxxxx-xxx_xxxxxxxx.xxx | predictive | High |
66 | File | xxxxxxxxxx/xxxxxxxxxx.xxx/xxxxxxx/xxx/xxxxxxxxxxxxxxxx.xx | predictive | High |
67 | File | xxxxx_xxx.x | predictive | Medium |
68 | File | xxxxx.xxx | predictive | Medium |
69 | File | xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx | predictive | High |
70 | File | xxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
71 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | High |
72 | File | xxx-xxx/xxxxx/xxxxx/xxxxx/xxx_xxxx/xxxx_xxxx/ | predictive | High |
73 | File | xxxxxx.xxx | predictive | Medium |
74 | File | xxxxxx.x | predictive | Medium |
75 | File | xxxxxxxxxx/xxxxxxxx/xxx.xxxx.xxxxxx.xxxxxxxx.xxxxxx.xx/xxx/xxxx/xxxxxxxxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxx.xxx | predictive | High |
76 | File | xxxxxx.xxx | predictive | Medium |
77 | File | xxxxxxxxx.xxxxxxx.xxx | predictive | High |
78 | File | xxxxxx/xxx/x_xxxxxxxx_xxxxxxxx.x | predictive | High |
79 | File | xxxx.xx | predictive | Low |
80 | File | xx-x.xxx | predictive | Medium |
81 | File | xxxxxxxx/xxxxxxx.xxxx | predictive | High |
82 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
83 | File | xxxxxxxxxxxxx.xxx | predictive | High |
84 | File | xxxxx.xxx | predictive | Medium |
85 | File | xxxxxxxxxx.xxx | predictive | High |
86 | File | xxxxxxxxxxx.xxx | predictive | High |
87 | File | xx/xxxxx/xxxxxxx.x | predictive | High |
88 | File | xx/xxxxxx/xxxxx.x | predictive | High |
89 | File | xx/xxxxxx/xxxxxxx.x | predictive | High |
90 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
91 | File | xxxxxx/xxxx_xxxxxxx_xxxxxxxx_xxx | predictive | High |
92 | File | xxxxxxxxx.xxx | predictive | High |
93 | File | xxxxxxxxx.xx | predictive | Medium |
94 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High |
95 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High |
96 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High |
97 | File | xxxx.xxx | predictive | Medium |
98 | File | xx.xxx | predictive | Low |
99 | File | xxx/xxxxxx.xxx | predictive | High |
100 | File | xxx/xxxxxxx/xxxxxxxxxxxxx/xxxxx.xxx | predictive | High |
101 | File | xxxxxxx.xxx | predictive | Medium |
102 | File | xxxxx.xxxx | predictive | Medium |
103 | File | xxxxx.xxx | predictive | Medium |
104 | File | xxxxxxxxxxxxxxx.xx | predictive | High |
105 | File | xxxxxx_xxx/xxxxx/xxxxxx/xxxx | predictive | High |
106 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
107 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
108 | File | xxxxx/xxx_xxxxxxxx | predictive | High |
109 | File | xxxxx/xxxxxxxxx | predictive | High |
110 | File | xxx/xxxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxxxxxxxx.xx | predictive | High |
111 | File | xxxxx.xxx | predictive | Medium |
112 | File | xxxxxxxx.xxx | predictive | Medium |
113 | File | xxxxxxxxxx/xxxxxxx.x | predictive | High |
114 | File | xxxxxxx.xxx | predictive | Medium |
115 | File | xxxxxxx/xxxxxxx/xxxxx/xxxxx.xxx | predictive | High |
116 | File | xxx_xxx_xxxxxx.x | predictive | High |
117 | File | xxxx.xxx | predictive | Medium |
118 | File | xxxxxxxx_xxxxxx.xxx | predictive | High |
119 | File | xxx/xxxxxx/xx_xxxxxx.x | predictive | High |
120 | File | xxxx_xxxx.xxx | predictive | High |
121 | File | xxxx.xxxxxx.xx | predictive | High |
122 | File | xxx.xxx | predictive | Low |
123 | File | xxxxxxxxxx.xx | predictive | High |
124 | File | xxx_xxx.xx | predictive | Medium |
125 | File | xxxxxxx.xxx | predictive | Medium |
126 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
127 | File | xxx/xxxx/xxxx.xx | predictive | High |
128 | File | xxxx/xxxx_xxxxxx.xxx | predictive | High |
129 | File | xxxxxx.x | predictive | Medium |
130 | File | xxxxx/xxxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxxx.xxx | predictive | High |
131 | File | xxxxxxx.xxx | predictive | Medium |
132 | File | xxxxxxxxxxxx.xxxx | predictive | High |
133 | File | xxxx.xxx | predictive | Medium |
134 | File | xxxxxxx.xxx | predictive | Medium |
135 | File | xxxxx.xxx | predictive | Medium |
136 | File | xxxxx.xxx | predictive | Medium |
137 | File | xxxxxxxx.xx | predictive | Medium |
138 | File | xxxxxxxx.xxx | predictive | Medium |
139 | File | xxxxxxxxxx.xxx | predictive | High |
140 | File | xxxxxxxx.xxx?x=xxxx-xx-xxxxx | predictive | High |
141 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive | High |
142 | File | xx_xxxx.x | predictive | Medium |
143 | File | xxxxxxxx.xxx | predictive | Medium |
144 | File | xxx.xxxx | predictive | Medium |
145 | File | xxx/xxxxxxxxxxxx.xxx | predictive | High |
146 | File | xxx/xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
147 | File | xxx/xxx/xxxxxxx/xxxx.xxx | predictive | High |
148 | File | xxxxxxx_xxxxxxxx.xxx | predictive | High |
149 | File | xxxxxxxxx/xxx.xxxx | predictive | High |
150 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
151 | File | xxxx-xxxxx.xxx | predictive | High |
152 | File | xxxx-xxxxx.xxx | predictive | High |
153 | File | xxxx-xxxxxxxx.xxx | predictive | High |
154 | File | xxxx-xxxx.x | predictive | Medium |
155 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
156 | File | xxxxxxx.xxx/xxxxxxx.xxxxxxxxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxx.xxxx.xx | predictive | High |
157 | File | xxxxxxx-x-x-x.xxx | predictive | High |
158 | File | xxxxxxxx.xxx | predictive | Medium |
159 | File | xxxx/xxx-xxx.xxx | predictive | High |
160 | File | xxxx/xxxxxxxxx/xxxxx.xxxxx.xxx | predictive | High |
161 | File | xxx.xxxxxx | predictive | Medium |
162 | File | xxxxxxxx.x | predictive | Medium |
163 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
164 | File | xx-xxxxx/xxxxxxxxx.xxx | predictive | High |
165 | File | xx-xxxxx/xxxxxxx.xxx | predictive | High |
166 | File | xx/xxxxxxxxx_xx.xxx | predictive | High |
167 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High |
168 | File | xxxxxxxxxxxxx.xx | predictive | High |
169 | File | ~/xxxxx/xxxx.xxx | predictive | High |
170 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High |
171 | Library | x:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxx | predictive | High |
172 | Library | xxxxxxxxxxxxx.xxx | predictive | High |
173 | Library | xxxxxxxxxx.xxx | predictive | High |
174 | Library | xxxx-xxxxxxxxxx/xxx/xxxx/xxxxxxxxxx/xxxx_xxxxxxxxx.xx | predictive | High |
175 | Library | xx_xxxx.x/xxx_xxxx.x/xx_xxx.x | predictive | High |
176 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
177 | Library | xxxxxxxx.xxx | predictive | Medium |
178 | Argument | %xxxxxx{}% | predictive | Medium |
179 | Argument | xx/xx | predictive | Low |
180 | Argument | xxxxxxxx | predictive | Medium |
181 | Argument | xx | predictive | Low |
182 | Argument | xxxxxx | predictive | Low |
183 | Argument | xxxxxxxx | predictive | Medium |
184 | Argument | xxxxxx | predictive | Low |
185 | Argument | xxxxxxxx | predictive | Medium |
186 | Argument | xxx | predictive | Low |
187 | Argument | xxx[xxxxxx][xxxxx] | predictive | High |
188 | Argument | xxxx | predictive | Low |
189 | Argument | xxxxxxx | predictive | Low |
190 | Argument | xxxxxxx-xxxxxxxxxxx | predictive | High |
191 | Argument | xxxxxxx/xxxxxxx/xxxxxxx_xxxxxxxxxx/xxxxxxx_xxxxxx/xxxxxxxx/xxxx_xxxxx | predictive | High |
192 | Argument | xxxxxxxx_xx | predictive | Medium |
193 | Argument | xxxxxx | predictive | Low |
194 | Argument | xxxxxxxxxxx | predictive | Medium |
195 | Argument | xxxx | predictive | Low |
196 | Argument | xxxxxxxxxx | predictive | Medium |
197 | Argument | xxxxx | predictive | Low |
198 | Argument | xxxxx->xxxx | predictive | Medium |
199 | Argument | xxxxx | predictive | Low |
200 | Argument | xxxxxxx | predictive | Low |
201 | Argument | xxxxx_xxx | predictive | Medium |
202 | Argument | xx | predictive | Low |
203 | Argument | xxxxxxxx | predictive | Medium |
204 | Argument | xxxx | predictive | Low |
205 | Argument | xxxx | predictive | Low |
206 | Argument | xxxx | predictive | Low |
207 | Argument | xxxxxxxx/xxxxxx_xxxx | predictive | High |
208 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
209 | Argument | xx | predictive | Low |
210 | Argument | xxx_xxxxxxxx | predictive | Medium |
211 | Argument | xxxx | predictive | Low |
212 | Argument | xxxxxxxx | predictive | Medium |
213 | Argument | xxxxx | predictive | Low |
214 | Argument | xxxxxxxxxx | predictive | Medium |
215 | Argument | xxx_xxxxx_xxxx | predictive | High |
216 | Argument | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxx | predictive | High |
217 | Argument | xxx | predictive | Low |
218 | Argument | xxx | predictive | Low |
219 | Argument | xxxx | predictive | Low |
220 | Argument | xxxx_xx | predictive | Low |
221 | Argument | xxxxxx | predictive | Low |
222 | Argument | xxxxxxx | predictive | Low |
223 | Argument | xxxx | predictive | Low |
224 | Argument | xxxxxxxxxx/xxxx/xxxxxxxx/xxxx/xxxxxxx_xxxx | predictive | High |
225 | Argument | xxxxxxxx | predictive | Medium |
226 | Argument | xxxxxxxx | predictive | Medium |
227 | Argument | xxxx | predictive | Low |
228 | Argument | xxxxx | predictive | Low |
229 | Argument | xxxxxxxx | predictive | Medium |
230 | Argument | xxxxxxxxx | predictive | Medium |
231 | Argument | xxxxxxxx_xx | predictive | Medium |
232 | Argument | xxx_xx | predictive | Low |
233 | Argument | xxxxxxxxxxxx_xxxxxxxxx | predictive | High |
234 | Argument | xxxxxxxx | predictive | Medium |
235 | Argument | xxxxxxx | predictive | Low |
236 | Argument | xxxxxxxxxx | predictive | Medium |
237 | Argument | xxxxx | predictive | Low |
238 | Argument | xxxxxx | predictive | Low |
239 | Argument | xxxxxxxxx/xxxxxxxxxxx | predictive | High |
240 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
241 | Argument | xxxxxxxxxxxx | predictive | Medium |
242 | Argument | xxx | predictive | Low |
243 | Argument | xxx_xxxxxxx | predictive | Medium |
244 | Argument | xxxx | predictive | Low |
245 | Argument | xxxx_xxxxxx/xxxxxx/xxxxxx | predictive | High |
246 | Argument | xxxxx | predictive | Low |
247 | Argument | xx_xxxxx_xx | predictive | Medium |
248 | Argument | xxxxxxxxxxxx | predictive | Medium |
249 | Argument | xxx | predictive | Low |
250 | Argument | xxx | predictive | Low |
251 | Argument | xxxxx | predictive | Low |
252 | Argument | xxx | predictive | Low |
253 | Argument | xxxxxxxx | predictive | Medium |
254 | Argument | xxxxx | predictive | Low |
255 | Argument | xxxx | predictive | Low |
256 | Argument | x-xxxxxxxxx-xxx | predictive | High |
257 | Argument | x-xxxxxxxxx-xxxx | predictive | High |
258 | Input Value | '/x' | predictive | Low |
259 | Input Value | ../../../xxx/xxxxxx | predictive | High |
260 | Input Value | xxxxx | predictive | Low |
261 | Pattern | |xx xx xx xx| | predictive | High |
262 | Network Port | xxx/xx | predictive | Low |
263 | Network Port | xxx/xxxx | predictive | Medium |
References (22)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2019/04/threat-roundup-0419-to-0426.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0621-0628.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
- https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
- https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
- https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0507-0514.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0521-0528.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0723-0730.html
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/ZeroAccess