Potao Analysis

IOB - Indicator of Behavior (176)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 164
ru 4
de 4
es 2
it 2

Country

us 102
ru 30
cn 8
gb 4
lu 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Edge 4
Microsoft IIS 4
F5 BIG-IP 4
WordPress 4
Fortinet FortiOS 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.25 | 0.00000 |
2 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.28 | 0.01055 | CVE-2008-2052
3 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | 0.00885 | CVE-2018-6200
4 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.14 | 0.00000 |
5 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.25 | 0.01213 | CVE-2007-2046
6 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.40 | 0.01213 | CVE-2014-2230
7 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.71 | 0.01139 | CVE-2010-2338
8 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | 0.00986 | CVE-2008-2867
9 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.59660 | CVE-2022-33891
10 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.20 | 0.00000 |
11 | phpMyAdmin Redirect url.php 7pk security | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01408 | CVE-2015-7873
12 | Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-47577
13 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.14 | 0.01139 | CVE-2007-6138
14 | pacparser pacparser.c pacparser_find_proxy buffer overflow | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2019-25078
15 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17 | 0.01055 | CVE-2005-3791
16 | FreeBSD Ping pr_pack stack-based overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00000 | CVE-2022-23093
17 | Piwigo Password Reset mt_rand weak password | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2016-3735
18 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00885 | CVE-2019-9915
19 | WP Fastest Cache pathname traversal | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01061 | CVE-2021-20714
20 | Modern Events Calendar Lite Plugin Export access control | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.08382 | CVE-2021-24146

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities: