ZombieboyMiner Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	12
zh	4

Country

cn	16

Actors

ZombieboyMiner	3
Cobalt Strike	1

Activities

Interest

Timeline

Type

Not Defined	6
Operating System	4
Database Software	2
Firewall Software	2
Web Server	2

Vendor

Microsoft	6
Crestron	2
ZyXEL	2
Sophos	2
Not Defined	2

Product

Microsoft Windows	4
Crestron DM-TXRX-100-STR	2
Microsoft SQL Server	2
ZyXEL GS1920-24v2	2
Sophos Firewall	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	ZyXEL GS1920-24v2 HTTP Request unusual condition	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2022-43393
2	laravel-admin unrestricted upload	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00156	0.05	CVE-2023-24249
3	Microsoft Windows NetBIOS/SMB Share improper authentication	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00349	0.05	CVE-1999-0519
4	ClamAV Antivirus Excel XLM Macro Parsing Module denial of service	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00215	0.00	CVE-2021-1252
5	Sophos Firewall User Portal/Webadmin improper authentication	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.97434	0.00	CVE-2022-1040
6	GNU Bash rbash input validation	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.04	CVE-2019-9924
7	Microsoft Windows DNS Server Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.01258	0.06	CVE-2021-40469
8	libpcap daemon.c input validation	6.3	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01624	0.00	CVE-2019-15161
9	Microsoft Windows TCP/IP Stack Remote Code Execution	8.6	7.8	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.00763	0.03	CVE-2020-16898
10	Jitsi Meet hard-coded credentials	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00196	0.03	CVE-2020-11878
11	nginx Error Page request smuggling	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00277	0.03	CVE-2019-20372
12	Wireshark IEEE 1905.1a Dissector packet-ieee1905.c input validation	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00407	0.00	CVE-2018-11354
13	Parity Ethereum Client JSON-RPC Endpoint permission	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00312	0.00	CVE-2017-14460
14	VMware Horizon Client/Horizon Message Framework Library out-of-bounds	6.4	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00379	0.03	CVE-2018-6970
15	Microsoft SQL Server access control	7.3	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00920	0.07	CVE-2007-5090
16	Crestron DM-TXRX-100-STR Web Management Interface credentials management	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00335	0.00	CVE-2016-5670

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	50.63.202.58	58.202.63.50.host.secureserver.net	ZombieboyMiner	10/23/2023	verified	High
2	52.78.124.149	ec2-52-78-124-149.ap-northeast-2.compute.amazonaws.com	ZombieboyMiner	10/23/2023	verified	Medium
3	XX.XXX.XX.XX	xx-xxx-xx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
4	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
5	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
6	XX.XXX.X.XXX	xx-xxx-x-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
7	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
8	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxxxxxx	10/23/2023	verified	High
9	XXX.XXX.XX.XXX		Xxxxxxxxxxxxxx	10/23/2023	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1068		CWE-264	Execution with Unnecessary Privileges	predictive	High
2	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	epan/dissectors/packet-ieee1905.c	predictive	High
2	File	xxxxxx/xxxxxx.x	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!