Potao Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (312)

Język

en	292
de	10
ru	4
it	2
pt	2

Kraj

us	262
ru	20
cn	4
se	2
dk	2

Aktorzy

Potao	10
FIN7	1
Grizzly Steppe	1
Dridex	1
Vobfus	1

Wysiłek

Rodzaj

Not Defined	56
Web Server	14
Content Management System	10
Operating System	10
Firewall Software	6

Sprzedawca

Not Defined	56
Microsoft	14
TP-LINK	6
Fortinet	6
Apple	4

Produkt

Microsoft IIS	6
TP-LINK TL-WVR	4
TP-LINK TL-WAR	4
TP-LINK TL-ER	4
TP-LINK TL-R	4

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.07
2	Bitrix Site Manager redirect.php privilege escalation	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
3	Serendipity exit.php privilege escalation	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.44
4	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
5	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.15	CVE-2008-5928
6	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.07	CVE-2018-6200
7	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.33	CVE-2007-2046
8	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.51	CVE-2014-2230
9	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.25	CVE-2015-4134
10	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.29
11	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.36	CVE-2010-2338
12	E-topbiz Viral DX 1 adclick.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00087	0.08	CVE-2008-2867
13	vu Mass Mailer Login Page redir.asp sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00181	0.07	CVE-2007-6138
14	phpPgAds adclick.php nieznana luka	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	0.62	CVE-2005-3791
15	PHPWind goto.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00254	0.15	CVE-2015-4135
16	obgm libcoap Configuration File coap_oscore.c get_split_entry memory corruption	6.8	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.04	CVE-2024-0962
17	Apache Spark UI privilege escalation	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97290	0.02	CVE-2022-33891
18	less filename.c close_altfile Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.11	CVE-2022-48624
19	KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins directory traversal	3.1	3.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.09	CVE-2024-1433
20	SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.04	CVE-2024-1196

Kampanie (2)

These are the campaigns that can be associated with the actor:

Potao
Xxxxx Xxxxxxx

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	5.44.99.46	server.toastedweb.eu	Potao	Potao Express	2020-12-24	verified	Wysoki
2	37.139.47.162	37-139-47-162.vm.clodoserver.ru	Potao	Potao Express	2020-12-24	verified	Wysoki
3	46.163.73.99	lvps46-163-73-99.dedicated.hosteurope.de	Potao	Potao Express	2020-12-24	verified	Wysoki
4	46.165.228.130		Potao	Potao Express	2020-12-24	verified	Wysoki
5	62.76.42.14	62-76-42-14.vm.clodoserver.ru	Potao	Potao Express	2020-12-24	verified	Wysoki
6	62.76.184.245	62-76-184-245.vm.clodoserver.ru	Potao	Potao Express	2020-12-24	verified	Wysoki
7	62.76.189.181	srv.planetaexcel.ru	Potao	Potao Express	2020-12-24	verified	Wysoki
8	64.40.101.43		Potao	Potao	2021-05-31	verified	Wysoki
9	XX.XX.XXX.XX		Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
10	XX.XXX.XXX.XXX	x-xx-xxx-xxx-xxx.xxxx.xx.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
11	XX.XX.XX.XXX	xxxxxxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
12	XX.XX.XXX.XXX	xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
13	XX.XXX.XX.XXX	xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
14	XX.XX.XXX.XXX	xxxxxxx.xxxx.xxx.xxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
15	XX.XXX.XX.XXX		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
16	XX.XXX.XX.XX	xxx.xxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
17	XX.XXX.XX.XXX	xxxx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
18	XX.XXX.XX.XXX	xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
19	XX.XXX.XXX.XX	xxxxx-xxxxxx.xxxxxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
20	XX.XX.XXX.XX	xxxx-xx-xx-xxx-xx.xxxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
21	XX.XXX.XXX.XX	xxxxx-x.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
22	XXX.X.XX.XXX	xxx.xx.x.xxx.xxxxxxx.xxx.xx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
23	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
24	XXX.XX.XX.XXX		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
25	XXX.XX.XXX.XXX		Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
26	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
27	XXX.XXX.XX.XX		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
28	XXX.XX.XX.XXX	xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
29	XXX.XX.XX.XXX	xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
30	XXX.XXX.XXX.XX		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
31	XXX.XXX.XX.X		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
32	XXX.XXX.XXX.XXX	xxxxxx.xxxxxxxxxxxx.xxx.xx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
33	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
34	XXX.XX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
35	XXX.XX.XXX.XXX		Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
36	XXX.XXX.XX.XXX	xxxxxx.xxx.xxxxxx.xxx	Xxxxx	Xxxxx	2021-05-31	verified	Wysoki
37	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki
38	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxx	Xxxxx Xxxxxxx	2020-12-24	verified	Wysoki

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
10	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
12	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	Wysoki
13	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/admin/maintenance/view_designation.php	predictive	Wysoki
2	File	/forum/away.php	predictive	Wysoki
3	File	/frontend/x3/cpanelpro/filelist-thumbs.html	predictive	Wysoki
4	File	/htdocs/admin/dict.php?id=3	predictive	Wysoki
5	File	/iwguestbook/admin/badwords_edit.asp	predictive	Wysoki
6	File	/modules/profile/index.php	predictive	Wysoki
7	File	/out.php	predictive	Medium
8	File	/setSystemAdmin	predictive	Wysoki
9	File	/uncpath/	predictive	Medium
10	File	/usr/bin/pkexec	predictive	Wysoki
11	File	/webpages/data	predictive	Wysoki
12	File	/wp-admin/options.php	predictive	Wysoki
13	File	/zm/index.php	predictive	Wysoki
14	File	xxxxxxx.xxx	predictive	Medium
15	File	xxx-xxxxxxxxxxx.xxx	predictive	Wysoki
16	File	xxxxx/xxxxx.xxx	predictive	Wysoki
17	File	xxxxx\xxxxx\xxxxxxx\xxxxxxxx.xxx	predictive	Wysoki
18	File	xxx.xxx	predictive	Niski
19	File	xxxx/xxx/xxxx/xxxxxxxxxxx	predictive	Wysoki
20	File	xxx/xxxxxxxxxxx/xxxxxxxxxxx_xxxxxxxxxx.xx	predictive	Wysoki
21	File	xxxx.x	predictive	Niski
22	File	xxx-xxx/	predictive	Medium
23	File	xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
24	File	xxxxxx.x	predictive	Medium
25	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
26	File	xxxxxx.xxx	predictive	Medium
27	File	xxxxxxx/xxxx/xxxxxxx/xxxxxxx_xxx.x	predictive	Wysoki
28	File	xxxxx.xxx	predictive	Medium
29	File	xxxx.xxx	predictive	Medium
30	File	xxxxxxxx.x	predictive	Medium
31	File	xxxxxx.xxx	predictive	Medium
32	File	xxx_xxx.xxx	predictive	Medium
33	File	xxxx.xxx	predictive	Medium
34	File	xxx/xxxxxx.xxx	predictive	Wysoki
35	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Wysoki
36	File	xxxxx.xxx	predictive	Medium
37	File	xxxxxx/xxxxx.x	predictive	Wysoki
38	File	xxxxxxxx.xxx	predictive	Medium
39	File	xxxxxxx/xxx.xxx	predictive	Wysoki
40	File	xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
41	File	xxxxxxx_xxxxxxx.xxx	predictive	Wysoki
42	File	xxxxx.xxx	predictive	Medium
43	File	xxxxx.xxx	predictive	Medium
44	File	xxxxxxxx.xxx	predictive	Medium
45	File	xxxxxxxxxx.xxx	predictive	Wysoki
46	File	xxxxxxxx.xxx	predictive	Medium
47	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Wysoki
48	File	xxx.x	predictive	Niski
49	File	xxx/xxxx_xxxxxx.x	predictive	Wysoki
50	File	xxx/xxxxxxxxx.x	predictive	Wysoki
51	File	xxxxxxxx.xxx	predictive	Medium
52	File	xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
53	File	xxx.xxx	predictive	Niski
54	Library	/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxx.xxx	predictive	Wysoki
55	Library	/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxxxxx.xxx	predictive	Wysoki
56	Library	xxxx.xxx	predictive	Medium
57	Library	xxxxxxxx.xxx	predictive	Medium
58	Argument	xxxxxx=xxxx	predictive	Medium
59	Argument	xxxxxxx	predictive	Niski
60	Argument	xxxx_xxx	predictive	Medium
61	Argument	xxxxxxxx	predictive	Medium
62	Argument	xxxxxxxx	predictive	Medium
63	Argument	xxxx	predictive	Niski
64	Argument	xxxxxx	predictive	Niski
65	Argument	xxxx	predictive	Niski
66	Argument	xxxxxxxx	predictive	Medium
67	Argument	xxxxx_xx	predictive	Medium
68	Argument	xxxx	predictive	Niski
69	Argument	xxxxxxxx	predictive	Medium
70	Argument	xx	predictive	Niski
71	Argument	xxxxx	predictive	Niski
72	Argument	xxxxx	predictive	Niski
73	Argument	xxxxxxx	predictive	Niski
74	Argument	xxxx	predictive	Niski
75	Argument	xxxx	predictive	Niski
76	Argument	xxxx/xxxxxxxxxxx/xxxxxxxxx	predictive	Wysoki
77	Argument	xxxxxxxx	predictive	Medium
78	Argument	xxxx_xxxx	predictive	Medium
79	Argument	xxxxxxxx	predictive	Medium
80	Argument	xxxxxxxx_xxxxx	predictive	Wysoki
81	Argument	xxxxxxxx	predictive	Medium
82	Argument	xxx	predictive	Niski
83	Argument	xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx	predictive	Wysoki
84	Argument	xxxxx	predictive	Niski
85	Argument	x_xxxxxx	predictive	Medium
86	Argument	xxx	predictive	Niski
87	Argument	xxxxx	predictive	Niski
88	Input Value	../	predictive	Niski
89	Input Value	/%xx	predictive	Niski
90	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	predictive	Wysoki
91	Input Value	xxxxxx	predictive	Niski
92	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Wysoki
93	Input Value	@xxxxxxxx.xxx	predictive	Wysoki
94	Network Port	xxx/xxxx	predictive	Medium
95	Network Port	xxx xxxxxx xxxx	predictive	Wysoki

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!