Ribaj Analysis

IOB - Indicator of Behavior (42)

Language

en: 38
fr: 4

Product

WordPress: 6
PHP: 4
Pragyan CMS: 4
Drupal: 4
SquirrelMail: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP _pdo_pqsql_error buffer overflow | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | |
| 2 | VMware Zimbra Collection Suite Web Application weak authentication | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00133 | CVE-2013-5119 |
| 3 | VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz directory traversal | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.03 | 0.97337 | CVE-2013-7091 |
| 4 | VMware Zimbra aspell.php cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02855 | CVE-2013-1938 |
| 5 | PHP denial of service | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 6 | D-Link DIR Router _show_info.php privilege escalation | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 7 | Zend Framework Configuration File application.ini information disclosure | 9.8 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | |
| 8 | SquirrelMail Request Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 9 | WordPress edit-tags.php privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |
| 10 | phpMyAdmin Error Message view_create.php CREATE cross site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00064 | CVE-2013-3742 |
| 11 | phpMyAdmin tbl_chart.js cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00101 | CVE-2013-4997 |
| 12 | cPanel WHM LogMeIn weak authentication | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | |
| 13 | Palo Alto PAN-OS import.certificate.php weak authentication | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00000 | |
| 14 | PHP OBJECT parse_iso_intervals.c DateInterval buffer overflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.58972 | CVE-2013-6712 |
| 15 | WordPress Credentials options-writing.php privilege escalation | 8.1 | 7.7 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 16 | MediaWiki Deleted Page ApiQueryLogEvents.php information disclosure | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00381 | CVE-2013-6472 |
| 17 | phpBB Exception denial of service | 5.3 | 4.7 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |
| 18 | Drupal Taxonomy Module privilege escalation | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00188 | CVE-2014-1476 |
| 19 | Trend Micro OfficeScan Proxy.php privilege escalation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.02 | 0.64708 | CVE-2017-11394 |
| 20 | Trend Micro OfficeScan Proxy.php privilege escalation | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.00 | 0.12944 | CVE-2017-11393 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.4.111.124 | static.124.111.4.46.clients.your-server.de | Ribaj | | 12/04/2022 | verified | High |
| 2 | XX.XXX.XXX.XX | xxxx.xx-xx-xxx-xxx.xx | Xxxxx | | 12/04/2022 | verified | High |
| 3 | XX.XXX.XXX.XXX | xxxxx.xx-xx-xxx-xxx.xx | Xxxxx | | 12/04/2022 | verified | High |
| 4 | XXX.XX.XX.XXX | xxx.xxxxxxx.xx | Xxxxx | | 12/04/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /configs/application.ini | predictive | High |
| 2 | File | /ossim/report/wizard_email.php | predictive | High |
| 3 | File | admin/editadgroup.php | predictive | High |
| 4 | File | adminpanel/modules/pro/inc/ajax.php | predictive | High |
| 5 | File | dapur\apps\app_config\sys_config.php | predictive | High |
| 6 | File | edit-tags.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
