Ribaj Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes it possible to spot less important periods and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritised.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP _pdo_pgsql_error memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | |
| 2 | VMware Zimbra Collection Suite Web Application improper authentication | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2013-5119 |
| 3 | VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz path traversal | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.05 | CVE-2013-7091 |
| 4 | VMware Zimbra aspell.php cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2013-1938 |
| 5 | PHP denial of service | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | |
| 6 | D-Link DIR Router _show_info.php privileges management | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |
| 7 | Zend Framework Configuration File application.ini information disclosure | 9.8 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | |
| 8 | SquirrelMail Request Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | |
| 9 | WordPress edit-tags.php privileges management | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | |
| 10 | phpMyAdmin Error Message view_create.php CREATE cross site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2013-3742 |
| 11 | phpMyAdmin tbl_chart.js cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2013-4997 |
| 12 | cPanel WHM LogMeIn improper authentication | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | |
| 13 | Palo Alto PAN-OS import.certificate.php improper authentication | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | |
| 14 | PHP OBJECT parse_iso_intervals.c DateInterval memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2013-6712 |
| 15 | WordPress Credentials options-writing.php backdoor | 8.1 | 7.7 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.03 | |
| 16 | MediaWiki Deleted Page ApiQueryLogEvents.php information disclosure | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2013-6472 |
| 17 | phpBB Exception denial of service | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | |
| 18 | Drupal Taxonomy Module access control | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2014-1476 |
| 19 | Trend Micro OfficeScan Proxy.php input validation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.03 | CVE-2017-11394 |
| 20 | Trend Micro OfficeScan Proxy.php input validation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.04 | CVE-2017-11393 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Confidence |
|---|---|---|---|---|---|
| 1 | 46.4.111.124 | static.124.111.4.46.clients.your-server.de | Ribaj | | High |

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /configs/application.ini | High |
| 2 | File | /ossim/report/wizard_email.php | High |
| 3 | File | admin/editadgroup.php | High |
| 4 | File | adminpanel/modules/pro/inc/ajax.php | High |
| 5 | File | dapur\apps\app_config\sys_config.php | High |
| 6 | File | edit-tags.php | High |
