GoMet Analysis

IOB - Indicator of Behavior (223)

Language

  • en: 162
  • zh: 48
  • de: 6
  • pl: 4
  • es: 2

Country

  • la: 218
  • us: 6

Product

  • Microsoft Windows: 10
  • Atlassian JIRA Server: 4
  • Atlassian Data Center: 4
  • Linux Kernel: 4
  • Google Android: 4

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.80 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.54 | |
| 4 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.80 | CVE-2010-0966 |
| 5 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 6 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 7 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 8 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847 |
| 9 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.05 | CVE-2023-27163 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287 |
| 11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.45 | CVE-2020-12440 |
| 12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37740 | 0.00 | CVE-2021-34480 |
| 13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.17 | CVE-2022-41479 |
| 14 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 15 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048 |
| 16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00182 | 0.00 | CVE-2023-21735 |
| 17 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 18 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 19 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114 |
| 20 | Appleple A-Blog CMS directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-27279 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 111.90.139.122 | server1.kamon.la | GoMet | Ukraine | 2022-07-21 | verified | High |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

