Potao Analysis

IOB - Indicator of Behavior (312)

Timeline

Language

en: 292
de: 10
ru: 6
es: 2
pt: 2

Country/Region

us: 248
ru: 20
cn: 10
lu: 2
bg: 2

Product

Microsoft IIS: 6
F5 BIG-IP: 4
TP-LINK TL-WVR: 4
TP-LINK TL-WAR: 4
TP-LINK TL-ER: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.55 | -
2 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.00 | CVE-2008-2052
3 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.30 | -
4 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00123 | 0.00 | CVE-2019-9915
5 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.05 | CVE-2008-5928
6 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.05 | CVE-2018-6200
7 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.26 | CVE-2007-2046
8 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.42 | CVE-2014-2230
9 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.05 | CVE-2015-4134
10 | My Link Trader out.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
11 | Vunet VU Web Visitor Analyst redir.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.23 | CVE-2010-2338
12 | E-topbiz Viral DX 1 adclick.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.08 | CVE-2008-2867
13 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.02 | CVE-2007-6138
14 | phpPgAds adclick.php Unknown Vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.49 | CVE-2005-3791
15 | PHPWind goto.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.07 | CVE-2015-4135
16 | obgm libcoap Configuration File coap_oscore.c get_split_entry Memory Corruption | 6.8 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.02 | CVE-2024-0962
17 | Apache Spark UI Privilege Escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97271 | 0.02 | CVE-2022-33891
18 | less filename.c close_altfile Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2022-48624
19 | KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins Directory Traversal | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-1433
20 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php Cross Site Scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.02 | CVE-2024-1196

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
