Polonium Analysis

IOB - Indicator of Behavior (398)

Timeline

Language

en: 350
de: 24
ru: 6
fr: 6
es: 4

Country

us: 228
tr: 28
gb: 22
ru: 18
ag: 14

Type

Vendor

Product

WordPress: 8
PHP: 6
Google Android: 6
Apache Tomcat: 6
Microsoft Windows: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remedy | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|---------|--------|-----|------|-----|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00241 | CVE-2020-12440 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 3 | Popup Builder Plugin directory traversal | 6.3 | 6.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2021-25082 |
| 4 | pfSense pkg.php echo Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00093 | CVE-2022-23993 |
| 5 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.00137 | CVE-2008-4879 |
| 6 | Netentsec NS-ASG Application Security Gateway uploadiscgwrouteconf.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00063 | CVE-2023-5700 |
| 7 | Rocklobster Contact Form 7 privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.85054 | CVE-2020-35489 |
| 8 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2023-27363 |
| 9 | Synacor Zimbra Collaboration Suite ClientUploader privilege escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00203 | CVE-2022-45912 |
| 10 | FileCloud API Endpoint Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00199 | CVE-2022-39833 |
| 11 | Dahua IP Camera/PTZ Dome Camera privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00236 | CVE-2021-33046 |
| 12 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00113 | CVE-2008-2052 |
| 13 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 14 | Linux Kernel IPsec idt77252.c tst_timer memory corruption | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2022-3635 |
| 15 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00258 | CVE-2020-1927 |
| 16 | phpMyAdmin Privileges.php sql injection | 7.1 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00145 | CVE-2020-10804 |
| 17 | Hikvision Product Message privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97493 | CVE-2021-36260 |
| 18 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00112 | CVE-2011-0519 |
| 19 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CreepySnail

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Type | Confidence |
|----|-----------|----------|-------------|------|------------|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (204)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 3 | File | /classes/master.php?f=delete_order | predictive | High |
| 4 | File | /etc/gsissh/sshd_config | predictive | High |
| 5 | File | /etc/passwd | predictive | Medium |
| 6 | File | /forms/nslookupHandler | predictive | High |
| 7 | File | /h/autoSaveDraft | predictive | High |
| 8 | File | /index.php | predictive | Medium |
| 9 | File | /librarian/bookdetails.php | predictive | High |
| 10 | File | /modules/profile/index.php | predictive | High |
| 11 | File | /news.dtl.php | predictive | High |
| 12 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 13 | File | /out.php | predictive | Medium |
| 14 | File | /patient/appointment.php | predictive | High |
| 15 | File | /php-opos/index.php | predictive | High |
| 16 | File | /protocol/iscgwtunnel/uploadiscgwrouteconf.php | predictive | High |
| 17 | File | /ptms/?page=user | predictive | High |
| 18 | File | /sqfs/bin/sccd | predictive | High |
| 19 | File | /tmp | predictive | Low |
| 20 | File | /uncpath/ | predictive | Medium |
| 21 | File | /upload/file.php | predictive | High |
| 22 | File | /usr/bin/at | predictive | Medium |
| 23 | File | /usr/local/www/pkg.php | predictive | High |
| 24 | File | /wp-admin/admin-ajax.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
