Pony Analysis

IOB - Indicator of Behavior (514)

Language: en 504, ru 4, de 4, zh 2

Campaign (country): us 18, ru 6, it 2

Product: Google Android 30, Microsoft Windows 22, Apple macOS 16, Apple iOS 10, Mozilla Firefox 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966 |
| 2 | PHP Outburst Easynews admin.php buffer overflow | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05921 | 0.02 | CVE-2006-5412 |
| 3 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.08 | CVE-2006-6339 |
| 4 | Adobe Flash Player Display Object buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01346 | 0.00 | CVE-2017-3071 |
| 5 | XmlMapper in the Data format Extension DTD XML External Entity | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.00 | CVE-2016-7051 |
| 6 | IBM Platform LSF Local Privilege Escalation | 8.3 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-1205 |
| 7 | Faveo rolechangeadmin cross site request forgery | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00401 | 0.00 | CVE-2017-7571 |
| 8 | Jasper jpc_tsfb.c jpc_tsfb_synthesize denial of service | 6.4 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2016-10248 |
| 9 | Rapid7 Metasploit Framework Installer privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2017-5235 |
| 10 | Aruba AirWave XML External Entity | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00683 | 0.00 | CVE-2016-8526 |
| 11 | JustSystems Ichitaro Office Excel File buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00470 | 0.00 | CVE-2017-2790 |
| 12 | Facebook HHVM compact denial of service | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.00 | CVE-2016-6873 |
| 13 | HPE Smart Storage Administrator privilege escalation | 8.8 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.17790 | 0.04 | CVE-2016-8523 |
| 14 | Intelliants Subrion CMS ia.core.users.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.02 | CVE-2017-5543 |
| 15 | Apple tvOS WebKit information disclosure | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00375 | 0.00 | CVE-2016-7598 |
| 16 | Netgear R6250/R6400/R6700/R7000/R7100LG/R7300/R7900/R8000 URL cross site request forgery | 8.0 | 7.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.97471 | 0.02 | CVE-2016-6277 |
| 17 | Tatsuya Kinoshita w3m buffer overflow | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00448 | 0.00 | CVE-2016-9627 |
| 18 | SPIP plonger.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00127 | 0.02 | CVE-2016-9152 |
| 19 | BlueZ Dump File packet.c l2cap_packet buffer overflow | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00310 | 0.02 | CVE-2016-9802 |
| 20 | dotCMS JSONTags Servlet sql injection | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00446 | 0.02 | CVE-2016-8905 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 4 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

Entries 5 to 17 are masked on the source page (technique, CWE and access-vector values redacted; all marked predictive, confidence High).

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/ | predictive | Low |
| 2 | File | /admin/featured.php | predictive | High |
| 3 | File | /admin/slider.php | predictive | High |
| 4 | File | /admin/users.php | predictive | High |
| 5 | File | /apiclient/ember/index.jsp | predictive | High |
| 6 | File | /category.php | predictive | High |
| 7 | File | /cgi/ansi | predictive | Medium |
| 8 | File | /dev/datum/ | predictive | Medium |
| 9 | File | /getImage | predictive | Medium |
| 10 | File | /goform/ | predictive | Medium |
| 11 | File | /holiday.php | predictive | Medium |
| 12 | File | /home/dna/spool/.pfile | predictive | High |
| 13 | File | /html/feed.php | predictive | High |
| 14 | File | /inc/campaign/view-campaign-list.php | predictive | High |
| 15 | File | /index.php | predictive | Medium |
| 16 | File | /install/index.php | predictive | High |
| 17 | File | /lists/index.php | predictive | High |
| 18 | File | /myAccount | predictive | Medium |
| 19 | File | /real-estate-script/search_property.php | predictive | High |
| 20 | File | /SAAS/WEB-INF | predictive | High |
| 21 | File | /searchpin.php | predictive | High |

Entries 22 to 187 (further File, Library, Argument, Input Value and Network Port indicators) are masked on the source page; only their class, type (predictive) and confidence level are visible.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
