GoMet Analysis

IOB - Indicator of Behavior (221)

Timeline

Language

en 178
zh 40
pl 4

Country/Region

la 216
us 4
gb 2

Actor

Campaigns

Interest

Timeline

Type

Vendor

Product

CodeIgniter 6
Microsoft Windows 6
Revive Adserver 6
Microsoft Exchange Server 4
Moodle 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.03 | CVE-2006-6168
2 | Tiki Admin Password tiki-login.php Weak Authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.98 | CVE-2020-15906
3 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.46 | CVE-2010-0966
4 | Drupal Sanitization API Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672
5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.95 | 
6 | LiteSpeed Cache Plugin Shortcode Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372
7 | WebTitan Appliance Extensions Persistent Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | 
8 | ipTIME NAS-I Bulletin Manage Privilege Escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847
9 | request-baskets API Request {name} Privilege Escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163
10 | PHP phpinfo Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
11 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.26 | CVE-2020-12440
12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480
13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd Privilege Escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.06 | CVE-2022-41479
14 | Basilix Webmail login.php3 Privilege Escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | 
15 | JoomlaTune Com Jcomments admin.jcomments.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048
16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00169 | 0.00 | CVE-2023-21735
17 | Alt-N MDaemon Worldclient Privilege Escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182
18 | CouchCMS mysql2i.func.php Path Information Disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042
19 | Esri ArcGIS Server SQL Injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-29114
20 | Hikvision Tablet DS-D5B86RB Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-33806

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 111.90.139.122 | server1.kamon.la | GoMet | Ukraine | 2022-07-21 | | verified

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
--- | --- | --- | ---
1 | File | /admin/dl_sendmail.php | predictive
2 | File | /adminPage/conf/reload | predictive
3 | File | /api/baskets/{name} | predictive
4 | File | /api/v2/cli/commands | predictive
5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive
6 | File | /DXR.axd | predictive
7 | File | /forum/away.php | predictive
8 | File | /mfsNotice/page | predictive
9 | File | /novel/bookSetting/list | predictive
10 | File | /novel/userFeedback/list | predictive
11 | File | /owa/auth/logon.aspx | predictive
12 | File | /spip.php | predictive
13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive
14 | File | /zm/index.php | predictive
15 | File | xxxxxxx.xxx | predictive
16 | File | xxxxx.xxxxxxxxx.xxx | predictive
17 | File | xxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive
18 | File | xxxx/xxxxxxxxxxxx.xxx | predictive
19 | File | xxxx.xxx | predictive
20 | File | xx_xxxx_xx_xxxx_xxxx.xxx | predictive
21 | File | xxxx_xxxxxxx.xxx | predictive
22 | File | xxxxx.xxx | predictive
23 | File | xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx | predictive
24 | File | xxxxx-xxxxxxx.xxx | predictive
25 | File | xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive
26 | File | xxxxxxxxxx\xxxx.xxx | predictive
27 | File | xxxxxxxxxxx.xxx | predictive
28 | File | xxxx-xxxxxx.xxx | predictive
29 | File | xxxxxxxxxxx.xxxxx.xxx | predictive
30 | File | xxxx.xxx | predictive
31 | File | xxxxx_xxxx.xxx | predictive
32 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive
33 | File | xxx/xxxxxx.xxx | predictive
34 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx | predictive
35 | File | xxxxx.xxxx | predictive
36 | File | xxxxx.xxx | predictive
37 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive
38 | File | xxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxx | predictive
39 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive
40 | File | xxxx_xxxxxxx.xxx | predictive
41 | File | xxxxx.xxxx | predictive
42 | File | xxxxx.xxx | predictive
43 | File | xxxx.xxxx | predictive
44 | File | xx_xxxx.x | predictive
45 | File | xxx/xxxx/xxxx_xxxxxxxxx.x | predictive
46 | File | xxxxxxx_xxxx.xxx | predictive
47 | File | xxxxxxxxxxxxxxxxx.xxx | predictive
48 | File | xxxxxxx.xxx | predictive
49 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive
50 | File | xxxxxxx_xxxx.xxx | predictive
51 | File | xxxx_xxxx_xxxxxx.xxx | predictive
52 | File | xxxx_xxxxx.xxxx | predictive
53 | File | xxxxxxxxxx_xxxx.xxx | predictive
54 | File | xxx/xxxx/xxxx | predictive
55 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive
56 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive
57 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive
58 | File | xxxx_xxxxxx.xx | predictive
59 | File | xxxx-xxxxx.xxx | predictive
60 | File | xxxx-xxxxxxxx.xxx | predictive
61 | File | xxxxxx_xxxxx.xxx | predictive
62 | File | xxxxxx.xxx | predictive
63 | File | xxxxxxx-xxxxx.xxx | predictive
64 | File | xxxx_xxxxx.xxx | predictive
65 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive
66 | File | xxxx.xxx | predictive
67 | File | xx-xxxxx-xxxxxx.xxx | predictive
68 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive
69 | File | xxxx.xxx | predictive
70 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive
71 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx | predictive
72 | Library | xxxxxxx/xxx.xxx.xxx.xxx | predictive
73 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive
74 | Argument | xxx_xxx | predictive
75 | Argument | xxxx | predictive
76 | Argument | xxxxxxxxx | predictive
77 | Argument | xxxxxxxx | predictive
78 | Argument | xxx_xxx_xx_xxx_xxxxxxxxxx_x | predictive
79 | Argument | xxxxx_xxxx | predictive
80 | Argument | xxxx_xxx_xxxx | predictive
81 | Argument | xxxxxxxxxx | predictive
82 | Argument | xxx | predictive
83 | Argument | xxxxxxxxxxxxxxx | predictive
84 | Argument | xxxx | predictive
85 | Argument | xxxxx->xxxx | predictive
86 | Argument | xxxxxxxxx_xxxxxx | predictive
87 | Argument | xxxxxxxxx | predictive
88 | Argument | xx_xxxxxxx | predictive
89 | Argument | xxxx | predictive
90 | Argument | xxxxxxxx | predictive
91 | Argument | xxxxx | predictive
92 | Argument | xxxxxx_xxxxx | predictive
93 | Argument | xx_xx | predictive
94 | Argument | xxxxxxx[xxxxxxx] | predictive
95 | Argument | xxxxxxx | predictive
96 | Argument | xxxxxx | predictive
97 | Argument | xxxxx | predictive
98 | Argument | xx | predictive
99 | Argument | xxx | predictive
100 | Argument | xxxx | predictive
101 | Argument | xxxx | predictive
102 | Argument | xxx xxxxxxxx/xxxxxxx xxxxxxxx | predictive
103 | Argument | xxxxxxxx | predictive
104 | Argument | xxxxxx/xxxxx/xxxx | predictive
105 | Argument | xxxxxxx | predictive
106 | Argument | xxxx | predictive
107 | Argument | xxxxxx_xxxxxx | predictive
108 | Argument | xxxxxxxx_xx | predictive
109 | Argument | xxxxxx_xxxxx | predictive
110 | Argument | xxxx_xxxx | predictive
111 | Argument | xxxx | predictive
112 | Argument | xxxxxx | predictive
113 | Argument | xxxxxxx | predictive
114 | Argument | xxx | predictive
115 | Argument | xxxxx | predictive
116 | Argument | xxx | predictive
117 | Argument | xxxxxx | predictive
118 | Argument | xxxxxxxx | predictive
119 | Argument | _xxx_xxxxxxxxxxx_ | predictive
120 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive
121 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive
122 | Pattern | \|xx xx xx xx\| | predictive
123 | Network Port | xxxxx | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
