BBtok Analysis

IOB - Indicator of Behavior (66)

Charts (not reproduced here): Timeline, Actors, Activities, Interest, Timeline by Type

Language: en 56, de 4, it 4, es 2

Country: us 66

Vendor / Product: Serendipity 4, ASP Portal 2, Virtual Programming VP-ASP 2, Google Chrome 2, DESTOON B2B 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.78 | CVE-2010-0966
2 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612
3 | YaBB cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2005-4426
4 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509
5 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
6 | deV!Lz Clanportal index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00342 | 0.00 | CVE-2008-4889
7 | Horde Webmail Redirect go.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.02 | -
8 | Adobe Flash Player Concurrency buffer overflow | 8.0 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.94781 | 0.00 | CVE-2017-2930
9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096
10 | MyBB Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00341 | 0.00 | CVE-2015-2786
11 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917
12 | Mike Spice My Classifieds classifieds.cgi privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00540 | 0.00 | CVE-2002-1600
13 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.05 | CVE-2004-0300
14 | Webmin view_man.cgi cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.00 | CVE-2017-9313
15 | SAS Web Report Studio javascript: URL logonAndRender.do cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2022-25256
16 | Access Demo Importer Plugin AJAX Action demo-functions.php plugin_offline_installer privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00405 | 0.00 | CVE-2021-39317
17 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.25 | -
18 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.17 | -
19 | 3S-Smart CODESYS Web Server XML buffer overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2017-6025
20 | YaBB yabb.pl cross site request forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01522 | 0.00 | CVE-2004-2403

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 147.124.213.152 | - | BBtok | - | 20/09/2023 | verified | High
2 | XXX.XXX.XXX.XXX | - | Xxxxx | - | 23/10/2023 | verified | High
3 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xx | Xxxxx | - | 23/10/2023 | verified | High
4 | XXX.XXX.XXX.XXX | - | Xxxxx | - | 20/09/2023 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /horde/util/go.php | predictive | High
3 | File | /inc/HTTPClient.php | predictive | High
4 | File | /SASWebReportStudio/logonAndRender.do | predictive | High
5 | File | addentry.php | predictive | Medium
6 | File | add_edit_cat.asp | predictive | High
7 | File | xxxxx/xxxxxxxx.xxx.xxx | predictive | High
8 | File | xxxx.xxx | predictive | Medium
9 | File | xxxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxxx.xxx | predictive | Medium
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxx.xxx | predictive | Medium
14 | File | xxx/xxxxxx.xxx | predictive | High
15 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
16 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
19 | File | xxx/xxxx_xxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx.xxx | predictive | Medium
22 | File | xxxxxxxx_xxxx.xxx | predictive | High
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxxxxxxxxxxxxx.xxx | predictive | High
25 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
26 | File | xx-xxxxx.xxx | predictive | Medium
27 | File | xxxx.xx | predictive | Low
28 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High
29 | Argument | xxxxxxxx | predictive | Medium
30 | Argument | xxx | predictive | Low
31 | Argument | xxxxxxxxx | predictive | Medium
32 | Argument | xxxxxxxx | predictive | Medium
33 | Argument | xxxxxxxx[xxxxxxx] | predictive | High
34 | Argument | xxx_xx | predictive | Low
35 | Argument | xxx | predictive | Low
36 | Argument | xxxx | predictive | Low
37 | Argument | xx | predictive | Low
38 | Argument | xxxx | predictive | Low
39 | Argument | xx | predictive | Low
40 | Argument | xxx | predictive | Low
41 | Argument | xxxxx | predictive | Low
42 | Argument | xxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxx | predictive | High
43 | Argument | xxx | predictive | Low
44 | Argument | xxx | predictive | Low
45 | Argument | xxx | predictive | Low
46 | Argument | xxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
