BBtok Analysis

IOB - Indicator of Behavior (66)

Language: en (62), it (2), de (2)

Country/Region: us (66)

Product: Devilz Clanportal (2), AXIS 2110 Network Camera (2), 3S-Smart CODESYS Web Server (2), YaBB (2), Virtual Programming VP-ASP (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.49 | CVE-2010-0966 |
| 2 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 3 | YaBB cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2005-4426 |
| 4 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 5 | Devilz Clanportal SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.08 | CVE-2006-6339 |
| 6 | deV!Lz Clanportal index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00342 | 0.02 | CVE-2008-4889 |
| 7 | Horde Webmail Redirect go.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.02 | |
| 8 | Adobe Flash Player Concurrency memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.94781 | 0.00 | CVE-2017-2930 |
| 9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096 |
| 10 | MyBB Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00341 | 0.00 | CVE-2015-2786 |
| 11 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 12 | Mike Spice My Classifieds classifieds.cgi privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00540 | 0.00 | CVE-2002-1600 |
| 13 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 14 | Webmin view_man.cgi cross-site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.00 | CVE-2017-9313 |
| 15 | SAS Web Report Studio javascript: URL logonAndRender.do cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2022-25256 |
| 16 | Access Demo Importer Plugin AJAX Action demo-functions.php plugin_offline_installer privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00405 | 0.00 | CVE-2021-39317 |
| 17 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.10 | |
| 18 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.36 | |
| 19 | 3S-Smart CODESYS Web Server XML memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2017-6025 |
| 20 | YaBB yabb.pl unknown vulnerability | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01522 | 0.00 | CVE-2004-2403 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

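| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 147.124.213.152 | | BBtok | | 2023-09-20 | verified | |
| 2 | XXX.XXX.XXX.XXX | | Xxxxx | | 2023-10-23 | verified | |
| 3 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xx | Xxxxx | | 2023-10-23 | verified | |
| 4 | XXX.XXX.XXX.XXX | | Xxxxx | | 2023-09-20 | verified | |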

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

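| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | |
| 2 | File | /horde/util/go.php | predictive | |
| 3 | File | /inc/HTTPClient.php | predictive | |
| 4 | File | /SASWebReportStudio/logonAndRender.do | predictive | |
| 5 | File | addentry.php | predictive | |
| 6 | File | add_edit_cat.asp | predictive | |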

References (2)

The following list contains external sources which discuss the actor and the associated activities:
