Polonium Analysis

IOB - Indicator of Behavior (398)

Timeline

Languages

  • en: 344
  • de: 24
  • fr: 12
  • it: 6
  • ru: 4

Countries / Regions

  • us: 232
  • ru: 28
  • gb: 22
  • tr: 18
  • ag: 14

Actors

Activities

Interest

Timeline

Type

Vendors

Products

  • WordPress: 12
  • Microsoft Exchange Server: 6
  • Microsoft Windows: 6
  • PHP: 6
  • phpMyAdmin: 6

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices at disclosure and at present; Exploit and Remediation are the CVSS exploitability and remediation-level states; EPSS is the FIRST exploit-prediction probability; CTI is VulDB's threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
--|---------------|------|------|------|-------|---------|-------------|------|-----|----
1 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.48 | CVE-2020-12440
2 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.11 | CVE-2017-0055
3 | Popup Builder Plugin Directory Traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2021-25082
4 | pfSense pkg.php echo Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.02 | CVE-2022-23993
5 | Maran PHP Shop prod.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879
6 | Netentsec NS-ASG Application Security Gateway uploadiscgwrouteconf.php SQL Injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.06 | CVE-2023-5700
7 | Rocklobster Contact Form 7 Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85054 | 0.04 | CVE-2020-35489
8 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | CVE-2023-27363
9 | Synacor Zimbra Collaboration Suite ClientUploader Privilege Escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.00 | CVE-2022-45912
10 | FileCloud API Endpoint Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00199 | 0.00 | CVE-2022-39833
11 | Dahua IP Camera/PTZ Dome Camera Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00236 | 0.04 | CVE-2021-33046
12 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052
13 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.46 | 
14 | Linux Kernel IPsec idt77252.c tst_timer Memory Corruption | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.07 | CVE-2022-3635
15 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.03 | CVE-2020-1927
16 | phpMyAdmin Privileges.php SQL Injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.05 | CVE-2020-10804
17 | Hikvision Product Message Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97505 | 0.25 | CVE-2021-36260
18 | Gallarific PHP Photo Gallery script gallery.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00112 | 0.04 | CVE-2011-0519
19 | Ecommerce Online Store Kit shop.php SQL Injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CreepySnail

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Weakness | Type | Confidence
---|-----------|-------|----------|------|-----------
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive
5 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive
6 | TXXXX | CAPEC-150 | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive
7 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive
8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive
10 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive
11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive
12 | TXXXX.XXX | CAPEC-492 | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive
13 | TXXXX | CAPEC-108 | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive
14 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive
15 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive
16 | TXXXX | CAPEC-466 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxxx | predictive
17 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive
18 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
19 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive
20 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive
21 | TXXXX.XXX | CAPEC-0 | CWE-XXX | Xxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxxxxx Xxxxxxxxx | predictive
22 | TXXXX.XXX | CAPEC-0 | CWE-XX | Xxxxxxxxxxxxx | predictive
23 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive
24 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (204)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
---|-------|-----------|-----------
1 | File | .htaccess | predictive
2 | File | /advanced-tools/nova/bin/netwatch | predictive
3 | File | /classes/master.php?f=delete_order | predictive
4 | File | /etc/gsissh/sshd_config | predictive
5 | File | /etc/passwd | predictive
6 | File | /forms/nslookupHandler | predictive
7 | File | /h/autoSaveDraft | predictive
8 | File | /index.php | predictive
9 | File | /librarian/bookdetails.php | predictive
10 | File | /modules/profile/index.php | predictive
11 | File | /news.dtl.php | predictive
12 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive
13 | File | /out.php | predictive
14 | File | /patient/appointment.php | predictive
15 | File | /php-opos/index.php | predictive
16 | File | /protocol/iscgwtunnel/uploadiscgwrouteconf.php | predictive
17 | File | /ptms/?page=user | predictive
18 | File | /sqfs/bin/sccd | predictive
19 | File | /tmp | predictive
20 | File | /uncpath/ | predictive
21 | File | /upload/file.php | predictive
22 | File | /usr/bin/at | predictive
23 | File | /usr/local/www/pkg.php | predictive
24 | File | /wp-admin/admin-ajax.php | predictive
25 | File | /xx-xxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxxxxxx/xxxxxx/xxxxx/ | predictive
26 | File | x.x.x\xxxxxx.xxx | predictive
27 | File | xxxxx.xxx | predictive
28 | File | xxxxx/xxx_xxxxx.xxx | predictive
29 | File | xxxxx/xxxxxxxx.xxx.xxx | predictive
30 | File | xxxxxx.xxx | predictive
31 | File | xxxxxx/ | predictive
32 | File | xxxxx-xxx.x | predictive
33 | File | xxxxx/xxx.x | predictive
34 | File | xxxxxxxxxxxxxx/xxxx/xxxx/xx.xxxxxxxxxx.xx_xxxx/xxx.xxx.xxx.xxxxxxxxx.xxxxxxx/xxx_xx_xxxx_xxxx_xxx/xxx_xx_xxxx_xxxx_xxx.xxx/xxxx | predictive
35 | File | xxxxxxxxxxxxxx.xxxx | predictive
36 | File | xx_xxxxx_xxxxx.xxx | predictive
37 | File | xxxxxxxxxxxxx.xxx | predictive
38 | File | xxxx/xxx_xxxxxx.x | predictive
39 | File | xxx/xxxxx/xxxxx.x | predictive
40 | File | xxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxx.xxx | predictive
41 | File | xxx-xxx/xxxxxxx.xx | predictive
42 | File | xxxxx_xxx.xxx | predictive
43 | File | xxxxx.xxxxxxxxx.xxx | predictive
44 | File | xxxxxxx.xxx | predictive
45 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive
46 | File | xxxxxxx.xxx | predictive
47 | File | xxxxxxx/xxx/xxxxxxxx.x | predictive
48 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive
49 | File | xxxx.xxx | predictive
50 | File | xxx/xxx/xxx_xxxxxxxx.x | predictive
51 | File | xxxxxxxxxxx/xxxxx.xxx | predictive
52 | File | xxxx_xxxxxxxx_xxxxxxxxx.x | predictive
53 | File | xxxxxxx.xxx | predictive
54 | File | xxxxxxxxxx.xxxx | predictive
55 | File | xxxxxxxxx.xxx | predictive
56 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive
57 | File | xxxxxxxx/xxxxx/xxxxx/xxxxxxxxxxx.xxx | predictive
58 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive
59 | File | xxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive
60 | File | xxxxx.xxx | predictive
61 | File | xxxxx.xxx | predictive
62 | File | xxxxx.xxx?xx=xxxxxxx&xxx=xxx | predictive
63 | File | xxxx.xxx | predictive
64 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive
65 | File | xxxxxxxxxx.xxx | predictive
66 | File | xxxxxx.xxx/xxxxxx.xxx | predictive
67 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive
68 | File | xxxxxxxx.x | predictive
69 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive
70 | File | xxxx/xxxxx.xxx | predictive
71 | File | xxxxxxxxxxx/xxxxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxx.xxx | predictive
72 | File | xxxxxx/xxxxxx_xxxx.xxx | predictive
73 | File | xxxxxxxxx.xxx | predictive
74 | File | xxxxxxxxxxxxxxx.xxx | predictive
75 | File | xxxxxxx/xxxxxxx_xxxxxxx_xxxxxxx/xxxxxxx.xxxxxx.xxxxxxx_xxxxxxx_xxxxxxx.xxx | predictive
76 | File | xx.xxxxxxxxxx.xxxx | predictive
77 | File | xxxxxxxxx.xxx | predictive
78 | File | xxxx.xxx | predictive
79 | File | xxxxxx/xxx_xxxxxx/x | predictive
80 | File | xxxxxxxxxxxx.xxx | predictive
81 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive
82 | File | xxxx.xxx | predictive
83 | File | xxxxxxx_xxxx.xxx | predictive
84 | File | xxxxxxxx_xxx_xxxxxxxxxx.xxx | predictive
85 | File | xxxxxxxxxxxxxx.xxx | predictive
86 | File | xxxxxxxx.x | predictive
87 | File | xxxxx.xxx | predictive
88 | File | xxxxxx.xxx | predictive
89 | File | xxxxx.xxx | predictive
90 | File | xxxxxxxx.xxx | predictive
91 | File | xxxxxxx.xx | predictive
92 | File | xxxxxxxx.xxx | predictive
93 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive
94 | File | xxxxxxx.xxx | predictive
95 | File | xxxxxxxxxxx.xxxx | predictive
96 | File | xxx.xxx | predictive
97 | File | xxxxxx.xx | predictive
98 | File | xxxxx.xxx | predictive
99 | File | xxxx.xxx | predictive
100 | File | xxxxxxxxxxxxxxxx.xxx | predictive
101 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive
102 | File | xxx/xxxxxx/xxxxx/xxx.xx | predictive
103 | File | xxx/xxx.xxxxxxx/xxxxxxxx.xxx | predictive
104 | File | xxx.xxx | predictive
105 | File | xxxxx_xxxxx.xxx | predictive
106 | File | xxxxxx.x | predictive
107 | File | xxxxxx_xxxxxxxx.xxx | predictive
108 | File | xxx_xxxx.x | predictive
109 | File | x_xxxxxx.xxx | predictive
110 | File | xxxxxxxxxx.xxx | predictive
111 | File | xxxxxxxx/xxxxxxxxx.xxxxxxx_xxxxxxxxx.xxx | predictive
112 | File | xxx-xxxxxxx.x | predictive
113 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive
114 | File | xxxxxxxxx/xxxxx/xxxxxx.xx | predictive
115 | File | xxxxxx.xxx | predictive
116 | File | xx\xxxxxxx\xxxx-xxxx.xxx | predictive
117 | File | xxxxxx/xxxxxxxxxxxxx.xxx | predictive
118 | File | xxxxxx_xxxxxx.xxx | predictive
119 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive
120 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive
121 | File | _xxxxxx/xxxxxxxx.x | predictive
122 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive
123 | Library | /_xxx_xxx/xxxxx.xxx | predictive
124 | Library | x:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxx | predictive
125 | Library | xxxxxxxxx/xxx/xxx/xxxxxx.xxx.xxx | predictive
126 | Library | xxxxxx[xxxxxx_xxxx | predictive
127 | Library | xxx/xxxxxxxx.xx | predictive
128 | Library | xxx/xx/xxx.xx | predictive
129 | Library | xxx.xxx | predictive
130 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive
131 | Argument | $_xxx | predictive
132 | Argument | $_xxxxxxx['xxx_xxxxxx'] | predictive
133 | Argument | -x | predictive
134 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive
135 | Argument | xxxxxx | predictive
136 | Argument | xxxxx_xxxx/xxx_xxxx/xxxx_xx | predictive
137 | Argument | xxxxxx | predictive
138 | Argument | xxx | predictive
139 | Argument | xxxxxxxx[xxxxxxx] | predictive
140 | Argument | xxx_xx | predictive
141 | Argument | xxxx | predictive
142 | Argument | xxxxxx | predictive
143 | Argument | xxxxxx[xxxxxx_xxxx] | predictive
144 | Argument | xxxxxxxxxxx | predictive
145 | Argument | x_xxxxxx.xxxx_xxxxx | predictive
146 | Argument | x_xx | predictive
147 | Argument | xxxxxxxx-xxxxxx | predictive
148 | Argument | xxxxxxxx | predictive
149 | Argument | xxxxxx | predictive
150 | Argument | xxxxxxxxx | predictive
151 | Argument | xxxx | predictive
152 | Argument | xxxxxxxx | predictive
153 | Argument | xxxx | predictive
154 | Argument | xx | predictive
155 | Argument | xx | predictive
156 | Argument | xx/xxxx | predictive
157 | Argument | xxxx/xxx/xxxxxxxx/xxxxx/xxxx/xxxx | predictive
158 | Argument | xxxxxxxxxxx | predictive
159 | Argument | xx | predictive
160 | Argument | xxxx/xxxxxx_xxxx | predictive
161 | Argument | xxxx_xxxxxx | predictive
162 | Argument | xxxxx | predictive
163 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive
164 | Argument | xxxx | predictive
165 | Argument | xxxx | predictive
166 | Argument | xxxxxx | predictive
167 | Argument | xxxxxxxxxxxxxx | predictive
168 | Argument | xx | predictive
169 | Argument | xxxxx | predictive
170 | Argument | xxxxxxxx | predictive
171 | Argument | xxxx | predictive
172 | Argument | xxxx_xxx | predictive
173 | Argument | xxxxxxx | predictive
174 | Argument | xxxxx_xxxx_xxxx | predictive
175 | Argument | xxxxxx | predictive
176 | Argument | xxxxxxx_xx/xxxx_xx | predictive
177 | Argument | xxxxxxxxxx | predictive
178 | Argument | xxxxxxxxxxx | predictive
179 | Argument | xxx_xxx | predictive
180 | Argument | xxxxxx | predictive
181 | Argument | xxxxx | predictive
182 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive
183 | Argument | xxxxxxxxxx | predictive
184 | Argument | xxxx_xxxx | predictive
185 | Argument | xxxxxxxxxxx | predictive
186 | Argument | xxxxxx | predictive
187 | Argument | xxxxx | predictive
188 | Argument | xxxxxx | predictive
189 | Argument | xxxxxx($xxx) | predictive
190 | Argument | xxxx | predictive
191 | Argument | xxx | predictive
192 | Argument | xxxx xxxx | predictive
193 | Argument | x-xxxxxxxxx-xxx | predictive
194 | Input Value | '"<xxxxxx>xxxxx(/xxxx.xx/)</xxxxxx> | predictive
195 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive
196 | Input Value | .%xx.../.%xx.../ | predictive
197 | Input Value | ../ | predictive
198 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive
199 | Input Value | xxxxxx_xxxxxxxxxxxxxxxxxxxxxxx | predictive
200 | Input Value | \x | predictive
201 | Input Value | |xxx${xxx} | predictive
202 | Network Port | xxxxx | predictive
203 | Network Port | xxxxx | predictive
204 | Network Port | xxx/xxxxx | predictive
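The File and Input Value rows above are only useful once they are matched against real request paths, and several of them (`/index.php`, `/tmp`) match ordinary traffic on their own. The script below is an added example, not VulDB's code or tooling: it copies the unmasked File indicators and the `../` Input Value from the table into a small detector, normalises request targets (repeated percent-decoding, backslash folding, case folding) so that encoded traversal such as `..%2f` still matches, and runs the result over a constructed combined-log-format sample. The sample log lines, the `LOW_SIGNAL_PATHS` split and the two-round decoding limit are the example's own assumptions, not something the page states.

```python
"""Match the unmasked File / Input Value IOAs from the table above
against web-server access logs.  Added example; the indicator list is
copied from the page, the log lines are constructed for the example."""
import re
from urllib.parse import unquote

# File-class indicators copied verbatim from the unmasked rows of the table.
IOA_PATHS = [
    "/advanced-tools/nova/bin/netwatch",
    "/classes/master.php?f=delete_order",
    "/etc/gsissh/sshd_config",
    "/etc/passwd",
    "/forms/nslookupHandler",
    "/h/autoSaveDraft",
    "/librarian/bookdetails.php",
    "/modules/profile/index.php",
    "/news.dtl.php",
    "/opt/zimbra/jetty/webapps/zimbra/public",
    "/out.php",
    "/patient/appointment.php",
    "/php-opos/index.php",
    "/protocol/iscgwtunnel/uploadiscgwrouteconf.php",
    "/ptms/?page=user",
    "/sqfs/bin/sccd",
    "/upload/file.php",
    "/usr/bin/at",
    "/usr/local/www/pkg.php",
    "/wp-admin/admin-ajax.php",
    ".htaccess",
]

# Also listed on the page, but far too generic to alert on alone (assumed
# split for this example): reported only when nothing stronger matched.
LOW_SIGNAL_PATHS = ["/index.php", "/tmp", "/uncpath/"]

# Constructed combined-log-format sample; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /images/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /usr/local/www/pkg.php HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /static/app.js HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(target: str) -> str:
    """Percent-decode up to two rounds (so %252e double encoding is caught),
    fold backslashes to slashes and lower-case, so encoded traversal such as
    ..%2f..%2f compares equal to the plain '../' indicator."""
    out = target
    for _ in range(2):
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return out.replace("\\", "/").lower()


def classify(target: str) -> list[tuple[str, str]]:
    """Return (category, indicator) pairs matched by one request target."""
    norm = normalize(target)
    hits: list[tuple[str, str]] = []
    if "../" in norm:                      # Input Value row 197 on the page
        hits.append(("traversal", "../"))
    for frag in IOA_PATHS:
        if frag.lower() in norm:
            hits.append(("ioa-path", frag))
    if not hits:                           # generic paths only as a weak signal
        for frag in LOW_SIGNAL_PATHS:
            if frag in norm:
                hits.append(("low-signal", frag))
    return hits


def scan(log_text: str) -> list[dict]:
    """Parse each access-log line and collect every indicator match."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue                       # malformed line: skip, do not crash
        for category, indicator in classify(m["target"]):
            findings.append({"line": lineno, "ip": m["ip"], "status": m["status"],
                             "category": category, "indicator": indicator,
                             "target": m["target"]})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']} {f['ip']} {f['category']:<10} {f['indicator']} <- {f['target']}")
```

On the sample log this flags the admin-ajax.php probe, the encoded `/etc/passwd` traversal (once as traversal, once as the path indicator), the pfSense `pkg.php` POST, and reports the bare `/index.php` request only as low-signal. In practice the next step is to correlate the low-signal rows with stronger hits from the same source address rather than alerting on them directly; the masked rows of the table cannot be included until the full indicator text is available.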

References (3)

The following list contains external sources which discuss the actor and the associated activities:
