Pony Analysis

IOB - Indicator of Behavior (514)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 502
es: 4
de: 2
pl: 2
zh: 2


Country

us: 12
ru: 10
it: 2

Activities

Interest

Product

Google Android: 32
Apple iOS: 22
Microsoft Windows: 14
Apple macOS: 14
Apple watchOS: 10


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.49 | CVE-2010-0966 |
| 2 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05921 | 0.09 | CVE-2006-5412 |
| 3 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339 |
| 4 | Adobe Flash Player Display Object use after free | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01346 | 0.00 | CVE-2017-3071 |
| 5 | XmlMapper in the Data format Extension DTD xml external entity reference | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.00 | CVE-2016-7051 |
| 6 | IBM Platform LSF key management | 8.3 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-1205 |
| 7 | Faveo rolechangeadmin cross-site request forgery | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00401 | 0.00 | CVE-2017-7571 |
| 8 | Jasper jpc_tsfb.c jpc_tsfb_synthesize null pointer dereference | 6.4 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2016-10248 |
| 9 | Rapid7 Metasploit Framework Installer untrusted search path | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2017-5235 |
| 10 | Aruba AirWave xml external entity reference | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00683 | 0.00 | CVE-2016-8526 |
| 11 | JustSystems Ichitaro Office Excel File memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00470 | 0.00 | CVE-2017-2790 |
| 12 | Facebook HHVM compact recursion | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.00 | CVE-2016-6873 |
| 13 | HPE Smart Storage Administrator command injection | 8.8 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.17790 | 0.04 | CVE-2016-8523 |
| 14 | Intelliants Subrion CMS ia.core.users.php code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.02 | CVE-2017-5543 |
| 15 | Apple tvOS WebKit information disclosure | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00375 | 0.04 | CVE-2016-7598 |
| 16 | Netgear R6250/R6400/R6700/R7000/R7100LG/R7300/R7900/R8000 URL cross-site request forgery | 8.0 | 7.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.97464 | 0.04 | CVE-2016-6277 |
| 17 | Tatsuya Kinoshita w3m memory corruption | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00448 | 0.00 | CVE-2016-9627 |
| 18 | SPIP plonger.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00127 | 0.02 | CVE-2016-9152 |
| 19 | BlueZ Dump File packet.c l2cap_packet memory corruption | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00310 | 0.02 | CVE-2016-9802 |
| 20 | dotCMS JSONTags Servlet sql injection | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00446 | 0.02 | CVE-2016-8905 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
