Potao Analysis

IOB - Indicator of Behavior (312)

Timeline

Language

en: 298
es: 4
de: 4
ru: 2
it: 2

Country

us: 264
ru: 22
cn: 4
id: 2
cf: 2

Type

Vendor

Product

Microsoft IIS: 6
WordPress: 4
Microsoft Windows: 4
DZCP deV!L`z Clanportal: 4
Microsoft Edge: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 4.13 | 0.00000 | |
| 2 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00113 | CVE-2008-2052 |
| 3 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00000 | |
| 4 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00123 | CVE-2019-9915 |
| 5 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.08 | 0.00203 | CVE-2008-5928 |
| 6 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | 0.00141 | CVE-2018-6200 |
| 7 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.47 | 0.01871 | CVE-2007-2046 |
| 8 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.53 | 0.00440 | CVE-2014-2230 |
| 9 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00348 | CVE-2015-4134 |
| 10 | My Link Trader out.php SQL injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 11 | Vunet VU Web Visitor Analyst redir.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.09 | 0.00119 | CVE-2010-2338 |
| 12 | E-topbiz Viral DX 1 adclick.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00087 | CVE-2008-2867 |
| 13 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00181 | CVE-2007-6138 |
| 14 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.26 | 0.00317 | CVE-2005-3791 |
| 15 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | 0.00254 | CVE-2015-4135 |
| 16 | obgm libcoap Configuration File coap_oscore.c get_split_entry memory corruption | 6.8 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.00042 | CVE-2024-0962 |
| 17 | Apache Spark UI privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.97289 | CVE-2022-33891 |
| 18 | less filename.c close_altfile Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00045 | CVE-2022-48624 |
| 19 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins directory traversal | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2024-1433 |
| 20 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00046 | CVE-2024-1196 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.44.99.46 | server.toastedweb.eu | Potao | Potao Express | 24/12/2020 | verified | High |
| 2 | 37.139.47.162 | 37-139-47-162.vm.clodoserver.ru | Potao | Potao Express | 24/12/2020 | verified | High |
| 3 | 46.163.73.99 | lvps46-163-73-99.dedicated.hosteurope.de | Potao | Potao Express | 24/12/2020 | verified | High |
| 4 | 46.165.228.130 | | Potao | Potao Express | 24/12/2020 | verified | High |
| 5 | 62.76.42.14 | 62-76-42-14.vm.clodoserver.ru | Potao | Potao Express | 24/12/2020 | verified | High |
| 6 | 62.76.184.245 | 62-76-184-245.vm.clodoserver.ru | Potao | Potao Express | 24/12/2020 | verified | High |
| 7 | 62.76.189.181 | srv.planetaexcel.ru | Potao | Potao Express | 24/12/2020 | verified | High |
| 8 | 64.40.101.43 | | Potao | Potao | 31/05/2021 | verified | High |
| 9 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 10 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 11 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 12 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 13 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 14 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 15 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 16 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 17 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 18 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 19 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 20 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 21 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 22 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 23 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 24 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 25 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 26 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 27 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 28 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 29 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 30 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 31 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 32 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 33 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 34 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 35 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 36 | masked | masked | masked | masked | 31/05/2021 | verified | High |
| 37 | masked | masked | masked | masked | 24/12/2020 | verified | High |
| 38 | masked | masked | masked | masked | 24/12/2020 | verified | High |

Rows 9 to 38 are masked on the source page (IP address, hostname, actor and campaign obscured); only the identification date, type and confidence are visible.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /frontend/x3/cpanelpro/filelist-thumbs.html | predictive | High |
| 4 | File | /htdocs/admin/dict.php?id=3 | predictive | High |
| 5 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High |
| 6 | File | /modules/profile/index.php | predictive | High |
| 7 | File | /out.php | predictive | Medium |
| 8 | File | /setSystemAdmin | predictive | High |
| 9 | File | /uncpath/ | predictive | Medium |
| 10 | File | /usr/bin/pkexec | predictive | High |
| 11 | File | /webpages/data | predictive | High |
| 12 | File | /wp-admin/options.php | predictive | High |
| 13 | File | /zm/index.php | predictive | High |
| 14 | File | xxxxxxx.xxx | predictive | Medium |
| 15 | File | xxx-xxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxx/xxxxx.xxx | predictive | High |
| 17 | File | xxxxx\xxxxx\xxxxxxx\xxxxxxxx.xxx | predictive | High |
| 18 | File | xxx.xxx | predictive | Low |
| 19 | File | xxxx/xxx/xxxx/xxxxxxxxxxx | predictive | High |
| 20 | File | xxx/xxxxxxxxxxx/xxxxxxxxxxx_xxxxxxxxxx.xx | predictive | High |
| 21 | File | xxxx.x | predictive | Low |
| 22 | File | xxx-xxx/ | predictive | Medium |
| 23 | File | xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 24 | File | xxxxxx.x | predictive | Medium |
| 25 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxx/xxxx/xxxxxxx/xxxxxxx_xxx.x | predictive | High |
| 28 | File | xxxxx.xxx | predictive | Medium |
| 29 | File | xxxx.xxx | predictive | Medium |
| 30 | File | xxxxxxxx.x | predictive | Medium |
| 31 | File | xxxxxx.xxx | predictive | Medium |
| 32 | File | xxx_xxx.xxx | predictive | Medium |
| 33 | File | xxxx.xxx | predictive | Medium |
| 34 | File | xxx/xxxxxx.xxx | predictive | High |
| 35 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 36 | File | xxxxx.xxx | predictive | Medium |
| 37 | File | xxxxxx/xxxxx.x | predictive | High |
| 38 | File | xxxxxxxx.xxx | predictive | Medium |
| 39 | File | xxxxxxx/xxx.xxx | predictive | High |
| 40 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 41 | File | xxxxxxx_xxxxxxx.xxx | predictive | High |
| 42 | File | xxxxx.xxx | predictive | Medium |
| 43 | File | xxxxx.xxx | predictive | Medium |
| 44 | File | xxxxxxxx.xxx | predictive | Medium |
| 45 | File | xxxxxxxxxx.xxx | predictive | High |
| 46 | File | xxxxxxxx.xxx | predictive | Medium |
| 47 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 48 | File | xxx.x | predictive | Low |
| 49 | File | xxx/xxxx_xxxxxx.x | predictive | High |
| 50 | File | xxx/xxxxxxxxx.x | predictive | High |
| 51 | File | xxxxxxxx.xxx | predictive | Medium |
| 52 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 53 | File | xxx.xxx | predictive | Low |
| 54 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxx.xxx | predictive | High |
| 55 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxxxxx.xxx | predictive | High |
| 56 | Library | xxxx.xxx | predictive | Medium |
| 57 | Library | xxxxxxxx.xxx | predictive | Medium |
| 58 | Argument | xxxxxx=xxxx | predictive | Medium |
| 59 | Argument | xxxxxxx | predictive | Low |
| 60 | Argument | xxxx_xxx | predictive | Medium |
| 61 | Argument | xxxxxxxx | predictive | Medium |
| 62 | Argument | xxxxxxxx | predictive | Medium |
| 63 | Argument | xxxx | predictive | Low |
| 64 | Argument | xxxxxx | predictive | Low |
| 65 | Argument | xxxx | predictive | Low |
| 66 | Argument | xxxxxxxx | predictive | Medium |
| 67 | Argument | xxxxx_xx | predictive | Medium |
| 68 | Argument | xxxx | predictive | Low |
| 69 | Argument | xxxxxxxx | predictive | Medium |
| 70 | Argument | xx | predictive | Low |
| 71 | Argument | xxxxx | predictive | Low |
| 72 | Argument | xxxxx | predictive | Low |
| 73 | Argument | xxxxxxx | predictive | Low |
| 74 | Argument | xxxx | predictive | Low |
| 75 | Argument | xxxx | predictive | Low |
| 76 | Argument | xxxx/xxxxxxxxxxx/xxxxxxxxx | predictive | High |
| 77 | Argument | xxxxxxxx | predictive | Medium |
| 78 | Argument | xxxx_xxxx | predictive | Medium |
| 79 | Argument | xxxxxxxx | predictive | Medium |
| 80 | Argument | xxxxxxxx_xxxxx | predictive | High |
| 81 | Argument | xxxxxxxx | predictive | Medium |
| 82 | Argument | xxx | predictive | Low |
| 83 | Argument | xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx | predictive | High |
| 84 | Argument | xxxxx | predictive | Low |
| 85 | Argument | x_xxxxxx | predictive | Medium |
| 86 | Argument | xxx | predictive | Low |
| 87 | Argument | xxxxx | predictive | Low |
| 88 | Input Value | ../ | predictive | Low |
| 89 | Input Value | /%xx | predictive | Low |
| 90 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High |
| 91 | Input Value | xxxxxx | predictive | Low |
| 92 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 93 | Input Value | @xxxxxxxx.xxx | predictive | High |
| 94 | Network Port | xxx/xxxx | predictive | Medium |
| 95 | Network Port | xxx xxxxxx xxxx | predictive | High |

Indicators shown as runs of "x" are masked on the source page; only their class, type and confidence are visible.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
