Ribaj Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (42)

Cronología

Idioma

en36
fr6

País

us4
fr2

Actores

Ribaj2
Dealply1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined8
Groupware Software6
Content Management System6
Anti-Malware Software4
WordPress Plugin4

Proveedor

Not Defined22
VMware6
Trend Micro4
Pragyan4
D-Link2

Producto

Trend Micro OfficeScan4
Pragyan CMS4
D-Link DIR Router2
NexusPHP2
PHP2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1PHP _pdo_pqsql_error desbordamiento de búfer7.57.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000000.00
2VMware Zimbra Collection Suite Web Application autenticación débil5.44.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001330.00CVE-2013-5119
3VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz directory traversal5.35.3$5k-$25k$0-$5kHighNot Defined0.973370.05CVE-2013-7091
4VMware Zimbra aspell.php cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.028550.00CVE-2013-1938
5PHP denegación de servicio3.73.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000000.02
6D-Link DIR Router _show_info.php escalada de privilegios5.45.1$25k-$100k$0-$5kProof-of-ConceptNot Defined0.000000.00
7Zend Framework Configuration File application.ini divulgación de información9.89.0$25k-$100k$0-$5kProof-of-ConceptWorkaround0.000000.00
8SquirrelMail Request Path divulgación de información5.35.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
9WordPress edit-tags.php escalada de privilegios6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000000.00
10phpMyAdmin Error Message view_create.php CREATE cross site scripting5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000640.02CVE-2013-3742
11phpMyAdmin tbl_chart.js cross site scripting6.15.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.001010.00CVE-2013-4997
12cPanel WHM LogMeIn autenticación débil6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.00
13Palo Alto PAN-OS import.certificate.php autenticación débil4.44.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000000.04
14PHP OBJECT parse_iso_intervals.c DateInterval desbordamiento de búfer5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.589720.02CVE-2013-6712
15WordPress Credentials options-writing.php escalada de privilegios8.17.7$5k-$25k$5k-$25kProof-of-ConceptNot Defined0.000000.00
16MediaWiki Deleted Page ApiQueryLogEvents.php divulgación de información5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.003810.00CVE-2013-6472
17phpBB Exception denegación de servicio5.34.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000000.00
18Drupal Taxonomy Module escalada de privilegios5.34.6$0-$5k$0-$5kUnprovenOfficial Fix0.001880.02CVE-2014-1476
19Trend Micro OfficeScan Proxy.php escalada de privilegios8.58.5$5k-$25k$0-$5kHighNot Defined0.647080.02CVE-2017-11394
20Trend Micro OfficeScan Proxy.php escalada de privilegios8.58.5$5k-$25k$0-$5kHighNot Defined0.129440.00CVE-2017-11393

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
146.4.111.124static.124.111.4.46.clients.your-server.deRibaj2022-04-12verifiedAlto
2XX.XXX.XXX.XXxxxx.xx-xx-xxx-xxx.xxXxxxx2022-04-12verifiedAlto
3XX.XXX.XXX.XXXxxxxx.xx-xx-xxx-xxx.xxXxxxx2022-04-12verifiedAlto
4XXX.XX.XX.XXXxxx.xxxxxxx.xxXxxxx2022-04-12verifiedAlto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCWE-XXXXxxxxxxxpredictiveAlto
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
9TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/configs/application.inipredictiveAlto
2File/ossim/report/wizard_email.phppredictiveAlto
3Fileadmin/editadgroup.phppredictiveAlto
4Fileadminpanel/modules/pro/inc/ajax.phppredictiveAlto
5Filedapur\apps\app_config\sys_config.phppredictiveAlto
6Fileedit-tags.phppredictiveAlto
7Filexxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxpredictiveAlto
8Filexxx/xxxx/xxx/xxxxx_xxx_xxxxxxxxx.xpredictiveAlto
9Filexxxxxxxxxxx.xxxpredictiveAlto
10Filexxxxxx.xxxxxxxxxxx.xxxpredictiveAlto
11Filexxxxxxxx/xxx/xxxxxxxxxxxxxxxxx.xxxpredictiveAlto
12Filexxxxxx/xxxxx_xxxxx/xxx_xxxxxx_xxxxx.xxxpredictiveAlto
13Filexxxxxx\xxxx_xxx\xxxxx\xxxxxxxx.xxxpredictiveAlto
14Filexxx_xxxxx_xxxx.xpredictiveAlto
15Filexxxxxx.xxxpredictiveMedio
16Filexxxxx.xxxpredictiveMedio
17Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxpredictiveAlto
18Filexxxxxxxxx.xxxpredictiveAlto
19Filexxx/xxx/xxxxxx.xxxpredictiveAlto
20Filexxxxxxxx.xxxpredictiveMedio
21Filexxx_xxxxx.xxpredictiveMedio
22Filexxxxxxx.xxxpredictiveMedio
23Filexxxxxxxxxxx.xxxpredictiveAlto
24Filexxxx_xxxxxx.xxxpredictiveAlto
25Filexx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveAlto
26File_xxxx_xxxx.xxxpredictiveAlto
27Libraryxxx/xxxxx.xxx.xxxpredictiveAlto
28Argument$_xxx['xxx_xxxxx']predictiveAlto
29Argument$_xxx['xxxxxxx']predictiveAlto
30ArgumentxxxxxpredictiveBajo
31ArgumentxxxxxxxxxxpredictiveMedio
32ArgumentxxxxxxxpredictiveBajo
33Argumentxxxxx_xxxxpredictiveMedio
34ArgumentxxxxxxpredictiveBajo
35Argumentxxxxxxx_xxxxpredictiveMedio
36Argumentxxxxxxx_xxxxpredictiveMedio
37Argumentxxxxxx_xxpredictiveMedio
38ArgumentxxxxxxxxxxxpredictiveMedio
39Argumentxxxx_xxxxpredictiveMedio
40ArgumentxxxxpredictiveBajo
41ArgumentxxxxpredictiveBajo
42ArgumentxxpredictiveBajo
43ArgumentxxxxxxxxxxxxxpredictiveAlto
44Argumentxx_xxxx_xxxxxpredictiveAlto
45Argument_xx_xxxx_xxxxxxx/_xx_xxxxxxxx_xxxx_xxxxxxxpredictiveAlto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!