Zebra2104 Analysis

IOB - Indicator of Behavior (151)

Language

en: 144
de: 4
fr: 2
ru: 2

Country

cf: 58
us: 16
cn: 10
ru: 2
de: 2

Product

Microsoft Windows: 6
Huawei HarmonyOS: 4
Qualcomm Snapdragon Compute: 4
Qualcomm Snapdragon Consumer IOT: 4
Qualcomm Snapdragon Industrial IOT: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Microsoft Windows Virtual Machine Bus memory corruption | 7.5 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.06 | CVE-2024-26254
2 | Scimone Ignazio Prenotazioni Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31102
3 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql information disclosure | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2355
4 | Mozilla Thunderbird Encrypted Subject information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-1936
5 | LG Signage TV webOS privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-1885
6 | Linux Kernel vgic-its vgic_its_check_cache memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2024-26598
7 | Huawei HarmonyOS/EMUI Audio Module denial of service | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2023-52358
8 | Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-0007
9 | Kunbus PR100088 Modbus Gateway Web Interface weak authentication | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.02 | CVE-2019-6533
10 | gsi-openssh-server sshd_config privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.03 | CVE-2019-7639
11 | Fortinet FortiOS SSH Format String | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352
12 | Kunbus PR100088 Modbus Gateway weak authentication | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.02 | CVE-2019-6527
13 | Kunbus PR100088 Modbus Gateway FTP Service privilege escalation | 4.9 | 4.7 | $0-$5k | calculating | Not Defined | Official Fix | 0.00075 | 0.02 | CVE-2019-6529
14 | Microsoft Exchange Server Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04447 | 0.00 | CVE-2021-28481
15 | Microsoft Exchange Server Privilege Escalation | 9.0 | 7.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00552 | 0.00 | CVE-2021-28483
16 | TripleCross Control Command memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35505
17 | WP Contact Slider Plugin Text to Display Settings cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2022-1301
18 | Apache Tika Incomplete Fix StandardsExtractingContentHandler privilege escalation | 3.4 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2022-33879
19 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k or more | $5k-$25k | Unproven | Official Fix | 0.40028 | 0.05 | CVE-2022-21971
20 | TP-LINK TL-WR840N/TL-WR841N Session weak authentication | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.30057 | 0.07 | CVE-2018-11714

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 87.120.37.119 | | Zebra2104 | | 22/02/2022 | verified | High
2 | XX.XXX.XX.XXX | | Xxxxxxxxx | | 22/02/2022 | verified | High
3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 22/02/2022 | verified | High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | CAPEC | CWE | Description | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
5 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-108 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CAPEC-55 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/gsissh/sshd_config | predictive | High
2 | File | /includes/lib/tree.php | predictive | High
3 | File | /objects/getImage.php | predictive | High
4 | File | /secret_coder.sql | predictive | High
5 | File | /services/details.asp | predictive | High
6 | File | /uncpath/ | predictive | Medium
7 | File | xxxxx/xxxxxxxxx_xxxxxx.xxx | predictive | High
8 | File | xxxxxxx.xxx | predictive | Medium
9 | File | xxx/xxxxx | predictive | Medium
10 | File | xxxxxx/xxxxxxxxx.xxx | predictive | High
11 | File | xxxxxx/xxx.xxx | predictive | High
12 | File | xxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxx/xxxxxxx/xxxx_xxx.xx | predictive | High
16 | File | xx/xxxxxxx/xxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
17 | File | xxxxxxxx_xxxx.xxxx | predictive | High
18 | File | xxxxxx/xxx/xxxxxxx.xxx | predictive | High
19 | File | xxxx/xxxxxxxxxx/xxxx/xxx/xxxxxx-xxx-xxxxxxxx.x | predictive | High
20 | File | xx/xxxxx/xxxxxxx.x | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxx/xxxxx.xxx | predictive | High
29 | File | xxxxxxxxx.xxx | predictive | High
30 | File | xxxxxxx-xxxxxx.xxx | predictive | High
31 | Library | xxxxxxxx.xxx | predictive | Medium
32 | Library | xxxxxx.xxx | predictive | Medium
33 | Argument | xxxxxxxxx | predictive | Medium
34 | Argument | xxxx/xxxx | predictive | Medium
35 | Argument | xxxxxxxxxxxx | predictive | Medium
36 | Argument | xxxxxx | predictive | Low
37 | Argument | xxxxxxxxx | predictive | Medium
38 | Argument | xxxxx xxxxxxx xx xxxxxxx xxxxxxxxxxxx xx xxxx xxxxxxxxxx | predictive | High
39 | Argument | xxxxxxxx | predictive | Medium
40 | Argument | xxxxxxx | predictive | Low
41 | Argument | xxxxxx | predictive | Low
42 | Argument | xxxxxxx_xx | predictive | Medium
43 | Argument | xxxxxxxxx | predictive | Medium
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxx | predictive | Low
48 | Argument | _xxx_xxxxxxx_xxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxx_xxxx | predictive | High
49 | Network Port | xxx/xxxx | predictive | Medium
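Turned into detection logic, as an added example that is not VulDB's code or part of the original page: a Python matcher that scans web-server access-log lines for the verified IOC address from the IOC table and for the six unmasked file-path indicators from the IOA table. The log lines and their combined-log format are constructed for the demonstration; the masked (XX/xxx) entries and the network-port indicator are not used because their values are not visible on the page. Requests are URL-decoded and stripped of their query string before comparison so that encoded or parameterised requests still match, and the IOA entries are treated as path fragments rather than exact paths.

```python
"""Match access-log lines against the Zebra2104 indicators listed above.

Added example, not VulDB code. Indicator values are the unmasked entries from
the IOC and IOA tables on this page; the log lines are constructed.
"""
import re
import urllib.parse
from dataclasses import dataclass

# Verified network IOC from the IOC table (the two masked entries are omitted).
IOC_IPS = {"87.120.37.119"}

# Unmasked file-path indicators from the IOA table with their confidence level.
IOA_PATHS = {
    "/etc/gsissh/sshd_config": "High",
    "/includes/lib/tree.php": "High",
    "/objects/getImage.php": "High",
    "/secret_coder.sql": "High",
    "/services/details.asp": "High",
    "/uncpath/": "Medium",
}

# Combined-log-format line: client IP, identd, user, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str        # normalised request path (query string removed, URL-decoded)
    reasons: tuple   # "ioc-ip" and/or "ioa-path:<confidence>" entries


def normalise_path(raw):
    """Drop the query string and URL-decode so encoded dots/slashes still match."""
    return urllib.parse.unquote(raw.split("?", 1)[0])


def match_line(line_no, line):
    """Return a Hit if the line touches a known IOC address or IOA path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparsable line; a production pipeline would count these
    ip = m["ip"]
    path = normalise_path(m["path"])
    reasons = []
    if ip in IOC_IPS:
        reasons.append("ioc-ip")
    # Substring match: the IOA entries are path fragments, so a request for
    # /backup/secret_coder.sql should still trigger the /secret_coder.sql indicator.
    for fragment, confidence in IOA_PATHS.items():
        if fragment in path:
            reasons.append(f"ioa-path:{confidence}")
    return Hit(line_no, ip, path, tuple(reasons)) if reasons else None


def scan(lines):
    """Scan an iterable of log lines and return all hits in file order."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        hit = match_line(line_no, line)
        if hit:
            hits.append(hit)
    return hits


def hits_by_ip(hits):
    """Aggregate hit counts per client IP for triage."""
    counts = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


# Constructed sample log (six requests, not real traffic).
SAMPLE_LOG = [
    '87.120.37.119 - - [22/Feb/2022:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Feb/2022:10:15:07 +0000] "GET /objects/getImage.php?id=../../../../etc/passwd HTTP/1.1" 200 2048',
    '203.0.113.5 - - [22/Feb/2022:10:15:09 +0000] "GET /backup/secret_coder.sql HTTP/1.1" 404 198',
    '198.51.100.7 - - [22/Feb/2022:10:16:30 +0000] "GET /about HTTP/1.1" 200 1024',
    '87.120.37.119 - - [22/Feb/2022:10:17:45 +0000] "POST /uncpath/ HTTP/1.1" 403 0',
    '198.51.100.7 - - [22/Feb/2022:10:18:00 +0000] "GET /includes/lib/tree%2Ephp?action=list HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(f"line {hit.line_no}: {hit.ip} {hit.path} -> {', '.join(hit.reasons)}")
    print(hits_by_ip(found))
```

A request from the IOC address for an innocuous path (line 1) is still reported, because an address-level indicator is a reason to look at everything that client did; a path-level hit from an unknown address (lines 2, 3, 6) is what the predictive IOA entries are for. Confidence travels with each reason so that Medium-confidence fragments such as /uncpath/ can be weighted lower in triage.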

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
