GoMet Analysis

IOB - Indicator of Behavior (221)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 170
  • zh: 44
  • ru: 4
  • pl: 4


Country

  • la: 216
  • us: 4
  • gb: 2


Product

  • Moodle: 8
  • novel-plus: 4
  • Apache Tomcat: 4
  • Microsoft Office: 4
  • Adobe ColdFusion: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 6.67 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.27 | CVE-2020-15906 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.81 | CVE-2010-0966 |
| 4 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.45 | |
| 6 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 7 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 8 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847 |
| 9 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287 |
| 11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.47 | CVE-2020-12440 |
| 12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.33048 | 0.00 | CVE-2021-34480 |
| 13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2022-41479 |
| 14 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 15 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048 |
| 16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00182 | 0.00 | CVE-2023-21735 |
| 17 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 18 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 19 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114 |
| 20 | Hikvision Tablet DS-D5B86RB config | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-33806 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 111.90.139.122 | server1.kamon.la | GoMet | Ukraine | 07/21/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /api/v2/cli/commands | predictive | High |
| 5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 6 | File | /DXR.axd | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /mfsNotice/page | predictive | High |
| 9 | File | /novel/bookSetting/list | predictive | High |
| 10 | File | /novel/userFeedback/list | predictive | High |
| 11 | File | /owa/auth/logon.aspx | predictive | High |
| 12 | File | /spip.php | predictive | Medium |
| 13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 14 | File | /zm/index.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
