Ribaj Analysis

IOB - Indicator of Behavior (42)

Language: en (38), fr (4)

Products: PHP (6), NexusPHP (4), VMware Zimbra Collaboration Suite (2), Alienvault USM (2), Pragyan CMS (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP _pdo_pqsql_error memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 2 | VMware Zimbra Collaboration Suite Web Application weak authentication | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00166 | 0.00 | CVE-2013-5119 |
| 3 | VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz directory traversal | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.97337 | 0.00 | CVE-2013-7091 |
| 4 | VMware Zimbra aspell.php cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02234 | 0.00 | CVE-2013-1938 |
| 5 | PHP denial of service | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 6 | D-Link DIR Router _show_info.php privilege escalation | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 7 | Zend Framework Configuration File application.ini information disclosure | 9.8 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 8 | SquirrelMail Request Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 9 | WordPress edit-tags.php privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 10 | phpMyAdmin Error Message view_create.php CREATE cross-site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2013-3742 |
| 11 | phpMyAdmin tbl_chart.js cross-site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2013-4997 |
| 12 | cPanel WHM LogMeIn weak authentication | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.05 | |
| 13 | Palo Alto PAN-OS import.certificate.php weak authentication | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 14 | PHP OBJECT parse_iso_intervals.c DateInterval memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.58972 | 0.02 | CVE-2013-6712 |
| 15 | WordPress Credentials options-writing.php privilege escalation | 8.1 | 7.7 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 16 | MediaWiki Deleted Page ApiQueryLogEvents.php information disclosure | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00381 | 0.00 | CVE-2013-6472 |
| 17 | phpBB Exception denial of service | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 18 | Drupal Taxonomy Module privilege escalation | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00188 | 0.02 | CVE-2014-1476 |
| 19 | Trend Micro OfficeScan Proxy.php privilege escalation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.64708 | 0.02 | CVE-2017-11394 |
| 20 | Trend Micro OfficeScan Proxy.php privilege escalation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.12944 | 0.00 | CVE-2017-11393 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.4.111.124 | static.124.111.4.46.clients.your-server.de | Ribaj | | 2022-04-12 | verified | |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /configs/application.ini | predictive | |
| 2 | File | /ossim/report/wizard_email.php | predictive | |
| 3 | File | admin/editadgroup.php | predictive | |
| 4 | File | adminpanel/modules/pro/inc/ajax.php | predictive | |
| 5 | File | dapur\apps\app_config\sys_config.php | predictive | |
| 6 | File | edit-tags.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
