Zebra2104 Analysis

IOB - Indicator of Behavior (151)


Languages

en: 136
de: 10
ru: 2
ko: 2
ar: 2

Countries/Regions

cf: 54
us: 12
cn: 10
de: 4
es: 2


Products

Microsoft Windows: 8
Google Android: 4
Google Chrome: 4
Huawei HarmonyOS: 4
Adobe InDesign: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows Virtual Machine Bus memory corruption | 7.5 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2024-26254 |
| 2 | Scimone Ignazio Prenotazioni Plugin cross-site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31102 |
| 3 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql information disclosure | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.06 | CVE-2024-2355 |
| 4 | Mozilla Thunderbird Encrypted Subject information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-1936 |
| 5 | LG Signage TV webOS privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-1885 |
| 6 | Linux Kernel vgic-its vgic_its_check_cache memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-26598 |
| 7 | Huawei HarmonyOS/EMUI Audio Module denial of service | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2023-52358 |
| 8 | Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross-site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-0007 |
| 9 | Kunbus PR100088 Modbus Gateway Web Interface weak authentication | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.02 | CVE-2019-6533 |
| 10 | gsi-openssh-server sshd_config privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.03 | CVE-2019-7639 |
| 11 | Fortinet FortiOS SSH Format String | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352 |
| 12 | Kunbus PR100088 Modbus Gateway weak authentication | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.02 | CVE-2019-6527 |
| 13 | Kunbus PR100088 Modbus Gateway FTP Service privilege escalation | 4.9 | 4.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00075 | 0.02 | CVE-2019-6529 |
| 14 | Microsoft Exchange Server Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04447 | 0.00 | CVE-2021-28481 |
| 15 | Microsoft Exchange Server Privilege Escalation | 9.0 | 7.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00552 | 0.00 | CVE-2021-28483 |
| 16 | TripleCross Control Command memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35505 |
| 17 | WP Contact Slider Plugin Text to Display Settings cross-site scripting | 3.6 | 3.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2022-1301 |
| 18 | Apache Tika Incomplete Fix StandardsExtractingContentHandler privilege escalation | 3.4 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2022-33879 |
| 19 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.40028 | 0.00 | CVE-2022-21971 |
| 20 | TP-LINK TL-WR840N/TL-WR841N Session weak authentication | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.30057 | 0.03 | CVE-2018-11714 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 87.120.37.119 | | Zebra2104 | | 2022-02-22 | verified | |
| 2 | XX.XXX.XX.XXX | | Xxxxxxxxx | | 2022-02-22 | verified | |
| 3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 2022-02-22 | verified | |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/gsissh/sshd_config | predictive | |
| 2 | File | /includes/lib/tree.php | predictive | |
| 3 | File | /objects/getImage.php | predictive | |
| 4 | File | /secret_coder.sql | predictive | |
| 5 | File | /services/details.asp | predictive | |
| 6 | File | /uncpath/ | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
