GoMet Analysis

IOB - Indicator of Behavior (148)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 128
  • zh: 10
  • pl: 4
  • ru: 4
  • de: 2

Country

  • la: 142
  • us: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Microsoft Windows: 6
  • Qualcomm Snapdragon Mobile: 4
  • CodeIgniter: 4
  • Moodle: 4
  • Google Android: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.80 | 0.00786 | CVE-2020-15906 |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.00922 | CVE-2006-6168 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.77 | 0.00954 | CVE-2010-0966 |
| 4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.32 | 0.00917 | CVE-2007-1287 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.58 | 0.00000 | CVE-2020-12440 |
| 6 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | 0.77568 | CVE-2021-34480 |
| 7 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00096 | CVE-2022-41479 |
| 8 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00000 | |
| 9 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22 | 0.00489 | CVE-2010-5048 |
| 10 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.09 | 0.00162 | CVE-2023-21735 |
| 11 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00092 | CVE-2021-27182 |
| 12 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | CVE-2019-1010042 |
| 13 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00123 | CVE-2021-29114 |
| 14 | Contec SolarView Compact network_test.php command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.95265 | CVE-2022-40881 |
| 15 | LumisXP API PageControllerXml.jsp xml external entity reference | 6.7 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.68126 | CVE-2021-27931 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.10 | 0.00061 | CVE-2023-38182 |
| 17 | Hsycms Add Category Module cate.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00104 | CVE-2023-1349 |
| 18 | Floating Chat Widget Plugin sql injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00050 | CVE-2022-3858 |
| 19 | JetEngine Plugin code injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00107 | CVE-2023-1406 |
| 20 | gogs server-side request forgery | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00188 | CVE-2022-0870 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 111.90.139.122 | server1.kamon.la | GoMet | Ukraine | 07/21/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
