BBtok Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (66)

Curso de tempo

Idioma

en62
de2
es2

País

us66

Actores

BBtok3
Ave Maria2
RedLine Stealer2
Nanocore RAT1
NjRAT1

Actividades

Interesse

Curso de tempo

Tipo

Not Defined18
Content Management System8
Reporting Software2
Chat Software2
Web Browser2

Fabricante

Not Defined18
Virtual Programming2
SAS2
DESTOON2
Web4Future2

Produto

Virtual Programming VP-ASP2
SAS Web Report Studio2
DokuWiki2
OpenBB2
Devilz Clanportal2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1DZCP deV!L`z Clanportal config.php direitos alargados7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.60CVE-2010-0966
2OpenBB read.php Injecção SQL7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002480.00CVE-2005-1612
3YaBB Roteiro Cruzado de Sítios3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001720.03CVE-2005-4426
4WoltLab Burning Book addentry.php Injecção SQL7.36.8$0-$5k$0-$5kFunctionalUnavailable0.008040.00CVE-2006-5509
5Devilz Clanportal Injecção SQL7.37.0$0-$5k$0-$5kHighOfficial Fix0.006840.03CVE-2006-6339
6deV!Lz Clanportal index.php Injecção SQL7.37.1$0-$5k$0-$5kHighUnavailable0.003420.00CVE-2008-4889
7Horde Webmail Redirect go.php direitos alargados5.34.7$0-$5k$0-$5kProof-of-ConceptUnavailable0.000000.04
8Adobe Flash Player Concurrency Excesso de tampão8.07.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.947810.00CVE-2017-2930
9D-Link DIR-865L register_send.php Fraca autenticação7.57.1$5k-$25k$5k-$25kProof-of-ConceptNot Defined0.001090.08CVE-2013-3096
10MyBB Remote Code Execution9.89.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.003410.00CVE-2015-2786
11Linux Foundation Xen EFLAGS Register SYSENTER direitos alargados6.25.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000620.02CVE-2013-1917
12Mike Spice My Classifieds classifieds.cgi direitos alargados5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.005400.00CVE-2002-1600
13Ecommerce Online Store Kit shop.php Injecção SQL9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.08CVE-2004-0300
14Webmin view_man.cgi Roteiro Cruzado de Sítios5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.002130.00CVE-2017-9313
15SAS Web Report Studio javascript: URL logonAndRender.do Roteiro Cruzado de Sítios3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000890.00CVE-2022-25256
16Access Demo Importer Plugin AJAX Action demo-functions.php plugin_offline_installer direitos alargados8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.004050.00CVE-2021-39317
17LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.25
18Serendipity exit.php direitos alargados6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.26
193S-Smart CODESYS Web Server XML Excesso de tampão8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001830.00CVE-2017-6025
20YaBB yabb.pl Falsificação de Pedido Cross Site8.88.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.015220.00CVE-2004-2403

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
1147.124.213.152BBtok20/09/2023verifiedAlto
2XXX.XXX.XXX.XXXXxxxx23/10/2023verifiedAlto
3XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxXxxxx23/10/2023verifiedAlto
4XXX.XXX.XXX.XXXXxxxx20/09/2023verifiedAlto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1T1006CAPEC-126CWE-22Path TraversalpredictiveAlto
2T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/forum/away.phppredictiveAlto
2File/horde/util/go.phppredictiveAlto
3File/inc/HTTPClient.phppredictiveAlto
4File/SASWebReportStudio/logonAndRender.dopredictiveAlto
5Fileaddentry.phppredictiveMédio
6Fileadd_edit_cat.asppredictiveAlto
7Filexxxxx/xxxxxxxx.xxx.xxxpredictiveAlto
8Filexxxx.xxxpredictiveMédio
9Filexxxxxxxx.xxxpredictiveMédio
10Filexxxxxxxxxxx.xxxpredictiveAlto
11Filexxxxxxx.xxxpredictiveMédio
12Filexxxx.xxxpredictiveMédio
13Filexxxx.xxxpredictiveMédio
14Filexxx/xxxxxx.xxxpredictiveAlto
15Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveAlto
16Filexxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxxpredictiveAlto
17Filexxxxx.xxxpredictiveMédio
18Filexxxxxxxxx/xxxxxxxx.xxxpredictiveAlto
19Filexxx/xxxx_xxx.xxxpredictiveAlto
20Filexxxx.xxxpredictiveMédio
21Filexxxx.xxxpredictiveMédio
22Filexxxxxxxx_xxxx.xxxpredictiveAlto
23Filexxxx.xxxpredictiveMédio
24Filexxxxxxxxxxxxxx.xxxpredictiveAlto
25Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveAlto
26Filexx-xxxxx.xxxpredictiveMédio
27Filexxxx.xxpredictiveBaixo
28File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveAlto
29ArgumentxxxxxxxxpredictiveMédio
30ArgumentxxxpredictiveBaixo
31ArgumentxxxxxxxxxpredictiveMédio
32ArgumentxxxxxxxxpredictiveMédio
33Argumentxxxxxxxx[xxxxxxx]predictiveAlto
34Argumentxxx_xxpredictiveBaixo
35ArgumentxxxpredictiveBaixo
36ArgumentxxxxpredictiveBaixo
37ArgumentxxpredictiveBaixo
38ArgumentxxxxpredictiveBaixo
39ArgumentxxpredictiveBaixo
40ArgumentxxxpredictiveBaixo
41ArgumentxxxxxpredictiveBaixo
42Argumentxxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxxpredictiveAlto
43ArgumentxxxpredictiveBaixo
44ArgumentxxxpredictiveBaixo
45ArgumentxxxpredictiveBaixo
46ArgumentxxxxxpredictiveBaixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!