Potao Analysis

IOB - Indicator of Behavior (271)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 260
de: 8
ru: 2
es: 2


Country

us: 208
ru: 22
cn: 6
gb: 4
tr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Edge: 4
Microsoft IIS: 4
PHPWind: 4
WordPress AdServe: 2
Xoops: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.26 | 0.00000 |
2 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.70 | 0.00151 | CVE-2008-2052
3 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00118 | CVE-2018-6200
4 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.90 | 0.00203 | CVE-2008-5928
5 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 |
6 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.50 | 0.01365 | CVE-2007-2046
7 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.45 | 0.00440 | CVE-2014-2230
8 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.35 | 0.00000 |
9 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.30 | 0.00119 | CVE-2010-2338
10 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00348 | CVE-2015-4134
11 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00113 | CVE-2019-9915
12 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00087 | CVE-2008-2867
13 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00309 | CVE-2005-3791
14 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.25 | 0.00181 | CVE-2007-6138
15 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96901 | CVE-2022-33891
16 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.00073 | CVE-2008-0507
17 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00062 | CVE-2017-12138
18 | phpPgAdmin redirect.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.03308 | CVE-2007-5728
19 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00061 | CVE-2023-2090
20 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00254 | CVE-2015-4135

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
