Potao Analysis

IOB - Indicator of Behavior (312)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 292
ru: 10
de: 6
pt: 2
es: 2

Country

us: 246
ru: 38
cn: 6
dk: 2
az: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

F5 BIG-IP: 4
TP-LINK TL-WVR: 4
TP-LINK TL-WAR: 4
TP-LINK TL-ER: 4
TP-LINK TL-R: 4

Vulnerabilities

#  | Vulnerability                                                                                      | Base | Temp | 0day     | Today  | Exp              | Rem          | CTI  | EPSS    | CVE
1  | LogicBoard CMS away.php redirect                                                                   | 6.3  | 6.1  | $0-$5k   | $0-$5k | Not Defined      | Unavailable  | 6.87 | 0.00000 |
2  | Bitrix Site Manager redirect.php link following                                                    | 5.3  | 4.7  | $0-$5k   | $0-$5k | Unproven         | Unavailable  | 0.00 | 0.00113 | CVE-2008-2052
3  | Serendipity exit.php privileges management                                                         | 6.3  | 6.0  | $0-$5k   | $0-$5k | Proof-of-Concept | Not Defined  | 0.28 | 0.00000 |
4  | GetSimpleCMS index.php redirect                                                                    | 6.6  | 6.6  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 0.05 | 0.00123 | CVE-2019-9915
5  | FLDS redir.php sql injection                                                                       | 7.3  | 7.3  | $0-$5k   | $0-$5k | High             | Unavailable  | 0.14 | 0.00203 | CVE-2008-5928
6  | vBulletin redirector.php                                                                           | 6.6  | 6.6  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 0.09 | 0.00141 | CVE-2018-6200
7  | Openads adclick.php Remote Code Execution                                                          | 7.3  | 6.9  | $0-$5k   | $0-$5k | Proof-of-Concept | Not Defined  | 1.27 | 0.01871 | CVE-2007-2046
8  | OpenX adclick.php redirect                                                                         | 5.3  | 4.7  | $0-$5k   | $0-$5k | Unproven         | Unavailable  | 1.46 | 0.00440 | CVE-2014-2230
9  | PHPWind goto.php redirect                                                                          | 6.3  | 6.3  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 0.19 | 0.00348 | CVE-2015-4134
10 | My Link Trader out.php sql injection                                                               | 6.3  | 5.7  | $0-$5k   | $0-$5k | Proof-of-Concept | Not Defined  | 0.02 | 0.00000 |
11 | Vunet VU Web Visitor Analyst redir.asp sql injection                                               | 7.3  | 7.1  | $0-$5k   | $0-$5k | High             | Workaround   | 0.38 | 0.00119 | CVE-2010-2338
12 | E-topbiz Viral DX 1 adclick.php sql injection                                                      | 7.3  | 7.3  | $0-$5k   | $0-$5k | High             | Unavailable  | 0.04 | 0.00087 | CVE-2008-2867
13 | vu Mass Mailer Login Page redir.asp sql injection                                                  | 7.3  | 6.9  | $0-$5k   | $0-$5k | Proof-of-Concept | Not Defined  | 0.23 | 0.00181 | CVE-2007-6138
14 | phpPgAds adclick.php unknown vulnerability                                                         | 5.3  | 5.3  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 1.98 | 0.00317 | CVE-2005-3791
15 | PHPWind goto.php cross site scripting                                                              | 4.3  | 4.3  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 0.47 | 0.00254 | CVE-2015-4135
16 | obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow                 | 6.8  | 6.6  | $0-$5k   | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00042 | CVE-2024-0962
17 | Apache Spark UI command injection                                                                  | 7.1  | 7.0  | $5k-$25k | $0-$5k | Not Defined      | Official Fix | 0.06 | 0.97289 | CVE-2022-33891
18 | less filename.c close_altfile Privilege Escalation                                                 | 5.5  | 5.3  | $0-$5k   | $0-$5k | Not Defined      | Official Fix | 0.05 | 0.00045 | CVE-2022-48624
19 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal              | 3.1  | 3.0  | $0-$5k   | $0-$5k | Not Defined      | Official Fix | 0.18 | 0.00045 | CVE-2024-1433
20 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting | 4.9  | 4.9  | $0-$5k   | $0-$5k | Not Defined      | Not Defined  | 1.07 | 0.00046 | CVE-2024-1196


Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities: