Potao Analysis

IOB - Indicator of Behavior (312)

Languages

en: 296
de: 10
pt: 4
ru: 2

Countries

us: 248
ru: 32
cn: 10
lu: 4
cf: 2

Products

Microsoft IIS: 8
Microsoft Windows: 4
F5 BIG-IP: 4
TP-LINK TL-WVR: 4
TP-LINK TL-WAR: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.95 | -
2 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052
3 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.35 | -
4 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00123 | 0.00 | CVE-2019-9915
5 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.22 | CVE-2008-5928
6 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.39 | CVE-2018-6200
7 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.56 | CVE-2007-2046
8 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.69 | CVE-2014-2230
9 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134
10 | My Link Trader out.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.39 | -
11 | Vunet VU Web Visitor Analyst redir.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.30 | CVE-2010-2338
12 | E-topbiz Viral DX 1 adclick.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.08 | CVE-2008-2867
13 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.09 | CVE-2007-6138
14 | phpPgAds adclick.php Unknown Vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 1.13 | CVE-2005-3791
15 | PHPWind goto.php Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.07 | CVE-2015-4135
16 | obgm libcoap Configuration File coap_oscore.c get_split_entry Memory Corruption | 6.8 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.08 | CVE-2024-0962
17 | Apache Spark UI Privilege Escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97271 | 0.02 | CVE-2022-33891
18 | less filename.c close_altfile Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2022-48624
19 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins Directory Traversal | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-1433
20 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php Cross-Site Scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2024-1196

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Confidence
1 | 5.44.99.46 | server.toastedweb.eu | Potao | Potao Express | 2020-12-24 | verified
2 | 37.139.47.162 | 37-139-47-162.vm.clodoserver.ru | Potao | Potao Express | 2020-12-24 | verified
3 | 46.163.73.99 | lvps46-163-73-99.dedicated.hosteurope.de | Potao | Potao Express | 2020-12-24 | verified
4 | 46.165.228.130 | - | Potao | Potao Express | 2020-12-24 | verified
5 | 62.76.42.14 | 62-76-42-14.vm.clodoserver.ru | Potao | Potao Express | 2020-12-24 | verified
6 | 62.76.184.245 | 62-76-184-245.vm.clodoserver.ru | Potao | Potao Express | 2020-12-24 | verified
7 | 62.76.189.181 | srv.planetaexcel.ru | Potao | Potao Express | 2020-12-24 | verified
8 | 64.40.101.43 | - | Potao | Potao | 2021-05-31 | verified
9 | XX.XX.XXX.XX | - | Xxxxx | Xxxxx | 2021-05-31 | verified
10 | XX.XXX.XXX.XXX | x-xx-xxx-xxx-xxx.xxxx.xx.xxxxxxxxxxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
11 | XX.XX.XX.XXX | xxxxxxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
12 | XX.XX.XXX.XXX | xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
13 | XX.XXX.XX.XXX | xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
14 | XX.XX.XXX.XXX | xxxxxxx.xxxx.xxx.xxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
15 | XX.XXX.XX.XXX | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
16 | XX.XXX.XX.XX | xxx.xxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
17 | XX.XXX.XX.XXX | xxxx.xxxxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
18 | XX.XXX.XX.XXX | xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxxx | Xxxxx | Xxxxx | 2021-05-31 | verified
19 | XX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
20 | XX.XX.XXX.XX | xxxx-xx-xx-xxx-xx.xxxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
21 | XX.XXX.XXX.XX | xxxxx-x.xxxxxxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
22 | XXX.X.XX.XXX | xxx.xx.x.xxx.xxxxxxx.xxx.xx | Xxxxx | Xxxxx | 2021-05-31 | verified
23 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
24 | XXX.XX.XX.XXX | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
25 | XXX.XX.XXX.XXX | - | Xxxxx | Xxxxx | 2021-05-31 | verified
26 | XXX.XXX.XX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
27 | XXX.XXX.XX.XX | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
28 | XXX.XX.XX.XXX | xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
29 | XXX.XX.XX.XXX | xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
30 | XXX.XXX.XXX.XX | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
31 | XXX.XXX.XX.X | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
32 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxx.xxx.xx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
33 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
34 | XXX.XX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
35 | XXX.XX.XXX.XXX | - | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
36 | XXX.XXX.XX.XXX | xxxxxx.xxx.xxxxxx.xxx | Xxxxx | Xxxxx | 2021-05-31 | verified
37 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified
38 | XXX.XXX.XXX.XXX | xxxxxxxxxxxxx.xxxxxxxxxx.xxxx | Xxxxx | Xxxxx Xxxxxxx | 2020-12-24 | verified

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive
2 | File | /forum/away.php | predictive
3 | File | /frontend/x3/cpanelpro/filelist-thumbs.html | predictive
4 | File | /htdocs/admin/dict.php?id=3 | predictive
5 | File | /iwguestbook/admin/badwords_edit.asp | predictive
6 | File | /modules/profile/index.php | predictive
7 | File | /out.php | predictive
8 | File | /setSystemAdmin | predictive
9 | File | /uncpath/ | predictive
10 | File | /usr/bin/pkexec | predictive
11 | File | /webpages/data | predictive
12 | File | /wp-admin/options.php | predictive
13 | File | /zm/index.php | predictive
14 | File | xxxxxxx.xxx | predictive
15 | File | xxx-xxxxxxxxxxx.xxx | predictive
16 | File | xxxxx/xxxxx.xxx | predictive
17 | File | xxxxx\xxxxx\xxxxxxx\xxxxxxxx.xxx | predictive
18 | File | xxx.xxx | predictive
19 | File | xxxx/xxx/xxxx/xxxxxxxxxxx | predictive
20 | File | xxx/xxxxxxxxxxx/xxxxxxxxxxx_xxxxxxxxxx.xx | predictive
21 | File | xxxx.x | predictive
22 | File | xxx-xxx/ | predictive
23 | File | xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive
24 | File | xxxxxx.x | predictive
25 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
26 | File | xxxxxx.xxx | predictive
27 | File | xxxxxxx/xxxx/xxxxxxx/xxxxxxx_xxx.x | predictive
28 | File | xxxxx.xxx | predictive
29 | File | xxxx.xxx | predictive
30 | File | xxxxxxxx.x | predictive
31 | File | xxxxxx.xxx | predictive
32 | File | xxx_xxx.xxx | predictive
33 | File | xxxx.xxx | predictive
34 | File | xxx/xxxxxx.xxx | predictive
35 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive
36 | File | xxxxx.xxx | predictive
37 | File | xxxxxx/xxxxx.x | predictive
38 | File | xxxxxxxx.xxx | predictive
39 | File | xxxxxxx/xxx.xxx | predictive
40 | File | xxxxxxxxxxxxxxx.xxx | predictive
41 | File | xxxxxxx_xxxxxxx.xxx | predictive
42 | File | xxxxx.xxx | predictive
43 | File | xxxxx.xxx | predictive
44 | File | xxxxxxxx.xxx | predictive
45 | File | xxxxxxxxxx.xxx | predictive
46 | File | xxxxxxxx.xxx | predictive
47 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive
48 | File | xxx.x | predictive
49 | File | xxx/xxxx_xxxxxx.x | predictive
50 | File | xxx/xxxxxxxxx.x | predictive
51 | File | xxxxxxxx.xxx | predictive
52 | File | xxxxxxxxxxxxxxx.xxx | predictive
53 | File | xxx.xxx | predictive
54 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxx.xxx | predictive
55 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxxxxx.xxx | predictive
56 | Library | xxxx.xxx | predictive
57 | Library | xxxxxxxx.xxx | predictive
58 | Argument | xxxxxx=xxxx | predictive
59 | Argument | xxxxxxx | predictive
60 | Argument | xxxx_xxx | predictive
61 | Argument | xxxxxxxx | predictive
62 | Argument | xxxxxxxx | predictive
63 | Argument | xxxx | predictive
64 | Argument | xxxxxx | predictive
65 | Argument | xxxx | predictive
66 | Argument | xxxxxxxx | predictive
67 | Argument | xxxxx_xx | predictive
68 | Argument | xxxx | predictive
69 | Argument | xxxxxxxx | predictive
70 | Argument | xx | predictive
71 | Argument | xxxxx | predictive
72 | Argument | xxxxx | predictive
73 | Argument | xxxxxxx | predictive
74 | Argument | xxxx | predictive
75 | Argument | xxxx | predictive
76 | Argument | xxxx/xxxxxxxxxxx/xxxxxxxxx | predictive
77 | Argument | xxxxxxxx | predictive
78 | Argument | xxxx_xxxx | predictive
79 | Argument | xxxxxxxx | predictive
80 | Argument | xxxxxxxx_xxxxx | predictive
81 | Argument | xxxxxxxx | predictive
82 | Argument | xxx | predictive
83 | Argument | xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx | predictive
84 | Argument | xxxxx | predictive
85 | Argument | x_xxxxxx | predictive
86 | Argument | xxx | predictive
87 | Argument | xxxxx | predictive
88 | Input Value | ../ | predictive
89 | Input Value | /%xx | predictive
90 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive
91 | Input Value | xxxxxx | predictive
92 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive
93 | Input Value | @xxxxxxxx.xxx | predictive
94 | Network Port | xxx/xxxx | predictive
95 | Network Port | xxx xxxxxx xxxx | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
