Pony Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	12
pl	2
de	2
es	2
jp	2

Country

us	16
ru	6

Actors

Pony	2
Agrius	1
Kuluoz	1

Activities

Interest

Timeline

Type

Not Defined	10
Router Operating System	2
Forum Software	2

Vendor

Not Defined	4
TeleAdapt	2
Genetechsolutions	2
Thomas R. Pasawicz	2
DZCP	2

Product

TeleAdapt RoomCast TA-2400	2
Genetechsolutions Pie-Register	2
Thomas R. Pasawicz HyperBook Guestbook	2
DZCP deV!L`z Clanportal	2
D-Link DIR-865L	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.68	0.00954	CVE-2010-0966
2	PHP Outburst Easynews admin.php memory corruption	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.07	0.04472	CVE-2006-5412
3	Devilz Clanportal sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.05	0.00694	CVE-2006-6339
4	Microsoft Windows Update Orchestrator Service information disclosure	4.8	4.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.05	0.00044	CVE-2023-32041
5	TeleAdapt RoomCast TA-2400 RSA Private Key Update.exe sensitive information in executable	6.9	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00096	CVE-2023-33742
6	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	10.00	0.00889	CVE-2006-6168
7	D-Link DIR-865L register_send.php improper authentication	7.5	7.1	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.05	0.00109	CVE-2013-3096
8	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.04	0.01847	CVE-2007-1192
9	Apple M1 Register s3_5_c15_c10_1 M1RACLES access control	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00000	CVE-2021-30747
10	Genetechsolutions Pie-Register wp-login.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00904	CVE-2013-4954
11	YaBB yabb.pl cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08	0.01240	CVE-2004-2402
12	Adobe Flash Player memory corruption	10.0	8.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01	0.02164	CVE-2014-0507
13	DZCP deV!L`z Clanportal browser.php information disclosure	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.61	0.02257	CVE-2007-1167

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	46.161.1.172	free.gbnhost.com	Pony	04/05/2022	verified	High
2	81.177.22.179	cl.hostlix.ru	Pony	04/05/2022	verified	High
3	82.54.254.143	host-82-54-254-143.retail.telecomitalia.it	Pony	04/05/2022	verified	High
4	XX.XXX.XX.XXX	xxxx-xx-xxx.xxx.xxxxxxx.xx	Xxxx	04/05/2022	verified	High
5	XX.XX.XX.XX	xx.xxx-xx-xx-xx.xxxxxxxxx.xxxx-xxx.xxx	Xxxx	04/05/2022	verified	High
6	XX.XXX.XX.XX		Xxxx	04/05/2022	verified	High
7	XX.XXX.XXX.XX	xxxxxxxxx.xx	Xxxx	04/05/2022	verified	High
8	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxx.xxx	Xxxx	04/05/2022	verified	High
9	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxx.xxxxxxxx.xx	Xxxx	04/05/2022	verified	High
10	XXX.XX.XXX.XX		Xxxx	05/31/2023	verified	High
11	XXX.XXX.XXX.XX	xxxx-xxx-xx.xxx.xxxxxxx.xx	Xxxx	04/05/2022	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CWE-94	Cross Site Scripting	predictive	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	admin.php	predictive	Medium
2	File	data/gbconfiguration.dat	predictive	High
3	File	inc/config.php	predictive	High
4	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	High
5	File	xxxxxxxx_xxxx.xxx	predictive	High
6	File	xxxx-xxxxxxxx.xxx	predictive	High
7	File	xxxxxx.xxx	predictive	Medium
8	File	xx-xxxxx.xxx	predictive	Medium
9	File	xxxx.xx	predictive	Low
10	Argument	xxxxxxxx	predictive	Medium
11	Argument	xxxxx	predictive	Low
12	Argument	xx_xxxxx_xx	predictive	Medium
13	Argument	xxxx	predictive	Low
14	Argument	xxxxx	predictive	Low
15	Network Port	xx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!