BBtok Analysis

IOB - Indicator of Behavior (66)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 62
es: 2
it: 2

Country

us: 66

Actors

Activities

Interest

Timeline

Type

Vendor

Product

YaBB: 4
Serendipity: 2
ASP Portal: 2
AXIS 2110 Network Camera: 2
Adobe Flash Player: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.51 | CVE-2010-0966 |
| 2 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 3 | YaBB cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.00 | CVE-2005-4426 |
| 4 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 5 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339 |
| 6 | deV!Lz Clanportal index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00342 | 0.00 | CVE-2008-4889 |
| 7 | Horde Webmail Redirect go.php privileges management | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 8 | Adobe Flash Player Concurrency memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.94781 | 0.00 | CVE-2017-2930 |
| 9 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.04 | CVE-2013-3096 |
| 10 | MyBB Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00341 | 0.00 | CVE-2015-2786 |
| 11 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 12 | Mike Spice My Classifieds classifieds.cgi privileges management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00540 | 0.00 | CVE-2002-1600 |
| 13 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.08 | CVE-2004-0300 |
| 14 | Webmin view_man.cgi cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.00 | CVE-2017-9313 |
| 15 | SAS Web Report Studio javascript: URL logonAndRender.do cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2022-25256 |
| 16 | Access Demo Importer Plugin AJAX Action demo-functions.php plugin_offline_installer improper authorization | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00405 | 0.00 | CVE-2021-39317 |
| 17 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.09 | |
| 18 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.29 | |
| 19 | 3S-Smart CODESYS Web Server XML memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2017-6025 |
| 20 | YaBB yabb.pl cross-site request forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01522 | 0.00 | CVE-2004-2403 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /horde/util/go.php | predictive | High |
| 3 | File | /inc/HTTPClient.php | predictive | High |
| 4 | File | /SASWebReportStudio/logonAndRender.do | predictive | High |
| 5 | File | addentry.php | predictive | Medium |
| 6 | File | add_edit_cat.asp | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
