Potao Analysis

IOB - Indicator of Behavior (315)

Lang

en: 298
de: 8
ru: 4
pt: 2
es: 2

Activities

Interest

Product

Microsoft Edge: 6
DZCP deV!L`z Clanportal: 4
Fortinet FortiOS: 4
less: 2
AVM Fritz!Box 7490: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.06 | |
| 2 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00147 | 0.08 | CVE-2008-2052 |
| 3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.65 | |
| 4 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.07 | CVE-2019-9915 |
| 5 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.59 | CVE-2008-5928 |
| 6 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2018-6200 |
| 7 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.35 | CVE-2007-2046 |
| 8 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00310 | 0.05 | CVE-2014-2230 |
| 9 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.00 | CVE-2015-4134 |
| 10 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |
| 11 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.06 | CVE-2010-2338 |
| 12 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.06 | CVE-2008-2867 |
| 13 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00388 | 0.04 | CVE-2007-6138 |
| 14 | phpPgAds adclick.php | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00315 | 0.08 | CVE-2005-3791 |
| 15 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.05 | CVE-2015-4135 |
| 16 | obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow | 6.8 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.06 | CVE-2024-0962 |
| 17 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97310 | 0.03 | CVE-2022-33891 |
| 18 | less filename.c close_altfile Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-48624 |
| 19 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.08 | CVE-2024-1433 |
| 20 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.05 | CVE-2024-1196 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
