cyber_threat_intelligence/actors/Ripprbot

Ripprbot - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Ripprbot. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.ripprbot

Campaigns

The following campaigns are known and can be associated with Ripprbot:

• DDoS Ukraine

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ripprbot:

• US
• PT
• CN
• ...

There are 2 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Ripprbot.

ID	IP address	Hostname	Campaign	Confidence
1	171.22.109.201	-	DDoS Ukraine	High
2	212.192.246.183	-	DDoS Ukraine	High
3	212.192.246.186	-	DDoS Ukraine	High

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Ripprbot. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Weakness	Description	Confidence
1	T1006	CWE-21, CWE-22, CWE-23	Pathname Traversal	High
2	T1059	CWE-94	Cross Site Scripting	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
4	...	...	...	...

There are 14 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ripprbot. This data is unique as it uses our predictive model for actor profiling.

ID	Type	Indicator	Confidence
1	File	/about.php	Medium
2	File	/admin.php	Medium
3	File	/admin/doctors/view_doctor.php	High
4	File	/admin/modules/bibliography/index.php	High
5	File	/admin/students/manage.php	High
6	File	/adminlogin.asp	High
7	File	/app/controller/Books.php	High
8	File	/aqpg/users/login.php	High
9	File	/controller/Index.php	High
10	File	/coreframe/app/content/admin/content.php	High
11	File	/dl/dl_print.php	High
12	File	/etc/master.passwd	High
13	File	/etc/passwd	Medium
14	File	/goform/AddSysLogRule	High
15	File	/goform/Diagnosis	High
16	File	/Hospital-Management-System-master/contact.php	High
17	File	/include/friends.inc.php	High
18	File	/index.php?module=configuration/application	High
19	File	/members/view_member.php	High
20	File	/services/view_service.php	High
21	File	/servlet/webacc	High
22	File	/sitemagic/upgrade.php	High
23	File	/userui/ticket_list.php	High
24	File	/wp-admin/options-general.php	High
25	File	/zm/index.php	High
26	File	abook_database.php	High
27	File	accounts/inc/include.php	High
28	File	adaptive-images-script.php	High
29	File	additem.asp	Medium
30	File	addtocart.asp	High
31	File	adherents/subscription/info.php	High
32	File	admin.asp	Medium
33	File	admin.php	Medium
34	File	admin/admin.php	High
35	File	admin/admin_users.php	High
36	File	admin/article_save.php	High
37	File	admin/general.php	High
38	File	admin/header.php	High
39	File	admin/inc/change_action.php	High
40	File	admin/index.php	High
41	File	admin/info.php	High
42	File	admin/login.asp	High
43	File	admin/manage-comments.php	High
44	File	admin/manage-news.php	High
45	File	admin/plugin-settings.php	High
46	File	admin/specials.php	High
47	File	admin:de	Medium
48	File	admincp/auth/checklogin.php	High
49	File	admincp/auth/secure.php	High
50	File	administrator/components/com_media/helpers/media.php	High
51	File	administrator/index.php	High
52	File	admin_login.asp	High
53	File	adv_search.asp	High
54	File	ajax_url.php	Medium
55	File	album_portal.php	High
56	File	al_initialize.php	High
57	File	anjel.index.php	High
58	File	annonces-p-f.php	High
59	File	announce.php	Medium
60	File	announcement.php	High
61	File	announcements.php	High
62	File	app/admin/routing/edit-bgp-mapping-search.php	High
63	File	application/config/config.php	High
64	File	application/controllers/basedata/inventory.php	High
65	File	apply.cgi	Medium
66	File	apps/app_article/controller/rating.php	High
67	File	article.php	Medium
68	File	articles.php	Medium
69	File	artikel_anzeige.php	High
70	File	auktion.cgi	Medium
71	File	auth.php	Medium
72	File	authfiles/login.asp	High
73	File	basket.php	Medium
74	File	books.php	Medium
75	File	browse-category.php	High
76	File	browse.php	Medium
77	File	browse_videos.php	High
78	File	BrudaNews/BrudaGB	High
79	File	bwlist_inc.html	High
80	File	calendar.php	Medium
81	File	callme_page.php	High
82	File	cart.php	Medium
83	File	cart_add.php	Medium
84	File	case.filemanager.php	High
85	File	catalog.php	Medium
86	File	catalogshop.php	High
87	File	catalogue.asp	High
88	File	category.cfm	Medium
89	File	category.php	Medium
90	File	category_list.php	High
91	File	cgi-bin/awstats.pl	High
92	File	channel.asp	Medium
93	File	ChooseCpSearch.php	High
94	File	cmd.exe	Low
95	...	...	...

There are 836 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

• https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/

Literature

The following articles explain our unique predictive cyber threat intelligence:

• VulDB Cyber Threat Intelligence Documentation
• Cyber Threat Intelligence - Early Anticipation of Attacks

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!