Cleaver Analysis

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 60
  • pl: 4
  • fr: 2
  • it: 2
  • es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • PHP: 4
  • Apache HTTP Server: 4
  • Drupal: 2
  • LimeSurvey: 2
  • DZCP deV!L`z Clanportal: 2


Vulnerabilities

Column key: Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exp is the CVSS temporal Exploit Code Maturity (Unproven, Proof-of-Concept, High, Not Defined); Rem is the CVSS temporal Remediation Level (Official Fix, Workaround, Unavailable, Not Defined); EPSS is the FIRST exploit-prediction probability; CTI is the site's threat-intelligence activity score.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2  | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.35 | CVE-2010-0966
3  | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996
4  | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.39 | CVE-2009-4935
5  | Intel NUC HDMI Firmware Update Tool Installer access control | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-33089
6  | BitDefender Endpoint Security Tools EPSecurityService.exe untrusted search path | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2019-17099
7  | WebsitePanel Login Page Default.aspx input validation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2012-4032
8  | Audible App SSL Certificate certificate validation | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.04 | CVE-2019-11554
9  | Oracle Java SE JSSE access control | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2018-3180
10 | Razer Surround RzSurroundVADStreamingService.exe access control | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2019-13142
11 | Oracle Database Server OJVM access control | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00165 | 0.05 | CVE-2017-10202
12 | Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-1015
13 | Qualcomm Eudora Attachment Filename path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02427 | 0.00 | CVE-2002-2351
14 | Oracle Java SE/JRE SunToolkit rt.jar setAccessible privileges management | 9.8 | 9.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.97523 | 0.04 | CVE-2012-4681
15 | Adobe Shockwave Player IML32.dll memory corruption | 10.0 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03244 | 0.00 | CVE-2010-4089
16 | Apache HTTP Server WinNT MPM resource management | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04089 | 0.00 | CVE-2014-3523
17 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
18 | Apache Struts DefaultActionMapper input validation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97189 | 0.00 | CVE-2013-2248
19 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.84 | CVE-2005-3791
20 | PHP magic_quotes_gpc input validation | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00625 | 0.04 | CVE-2012-0831

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cleaver

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1  | 23.238.17.181 | s1.regulatorfix.com | Cleaver | Cleaver | 01/01/2021 | verified | High
2  | 50.23.164.161 | a1.a4.1732.ip4.static.sl-reverse.com | Cleaver | Cleaver | 01/01/2021 | verified | High
3  | 64.120.128.154 | - | Cleaver | Cleaver | 01/01/2021 | verified | High
4  | 64.120.208.74 | - | Cleaver | Cleaver | 05/31/2021 | verified | High
5  | 64.120.208.75 | - | Cleaver | Cleaver | 05/31/2021 | verified | High
6  | 64.120.208.76 | - | Cleaver | Cleaver | 05/31/2021 | verified | High
7  | 64.120.208.78 | - | Cleaver | Cleaver | 05/31/2021 | verified | High
8  | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | Cleaver | Cleaver | 01/01/2021 | verified | High

Rows 9-39 (31 entries) are masked on the public page (paid access): IP address, hostname, actor and campaign are hidden; 23 of them were identified 01/01/2021 and 8 were identified 05/31/2021, all of type verified with confidence High.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /forum/away.php | predictive | High
2  | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High
3  | File | adclick.php | predictive | Medium
4  | File | data/gbconfiguration.dat | predictive | High

Rows 5-23 are masked on the public page (paid access): eleven further File indicators (5-15), one Library indicator (16) and seven Argument indicators (17-23), all of type predictive with confidence ranging from Low to High. The two Input Value rows keep only their masked shape:

24 | Input Value | ">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!-- | predictive | High
25 | Input Value | <xxxxxxxx>. | predictive | Medium
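The IOC table lists network resources and the IOA table lists request fragments; the check a defender actually wants is to run both over web-server logs. The following is an added example, not code from the original page or from any vendor tool: it takes the unmasked rows of the two tables above (IOC IPs and hostnames, IOA file indicators) and scans access-log lines for client IPs and Referer hosts on the IOC list and for request paths matching an IOA file. The log format (Apache/nginx "combined") is an assumption, and the sample log lines are constructed for this example. Masked rows cannot be included, so the indicator sets below are deliberately incomplete.

```python
"""Scan web-server access logs for the unmasked Cleaver IOCs and IOAs.

Added example (not part of the original page). Assumes the Apache/nginx
"combined" log format; the sample log lines at the bottom are constructed.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote, urlsplit

# Unmasked rows 1-8 of the IOC table (IP addresses and hostnames).
IOC_IPS = {
    "23.238.17.181", "50.23.164.161", "64.120.128.154", "64.120.208.74",
    "64.120.208.75", "64.120.208.76", "64.120.208.78", "66.96.252.198",
}
IOC_HOSTNAMES = {
    "s1.regulatorfix.com",
    "a1.a4.1732.ip4.static.sl-reverse.com",
    "host-66-96-252-198.myrepublic.co.id",
}
# Unmasked File rows 1-4 of the IOA table.
IOA_PATHS = (
    "/forum/away.php",
    "/home/httpd/cgi-bin/cgi.cgi",
    "adclick.php",
    "data/gbconfiguration.dat",
)

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: list = field(default_factory=list)


def normalize_path(target: str) -> str:
    """Drop the query string, percent-decode and lower-case the request path,
    so '/x/gbconfiguration%2Edat' still matches the indicator."""
    return unquote(target.split("?", 1)[0]).lower()


def path_matches(path: str, indicator: str) -> bool:
    """Boundary-aware suffix match: '/www/adclick.php' matches 'adclick.php',
    but '/xforum/away.php' does not match '/forum/away.php'."""
    ind = indicator.lower()
    return path == ind or path.endswith("/" + ind.lstrip("/"))


def classify(match: re.Match, line_no: int) -> Hit:
    ip = match.group("ip")
    path = normalize_path(match.group("target"))
    hit = Hit(line_no, ip, path)
    if ip in IOC_IPS:
        hit.reasons.append(f"ioc-ip:{ip}")
    referer = match.group("referer")
    if referer and referer != "-":
        host = urlsplit(referer).hostname
        if host in IOC_HOSTNAMES:
            hit.reasons.append(f"ioc-hostname:{host}")
    for ind in IOA_PATHS:
        if path_matches(path, ind):
            hit.reasons.append(f"ioa-path:{ind}")
    return hit


def scan(log_text: str):
    """Return (hits, unparsed_line_count) for a block of access-log text.
    Lines that do not fit the expected format are counted, not silently dropped."""
    hits, unparsed = [], 0
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        hit = classify(m, n)
        if hit.reasons:
            hits.append(hit)
    return hits, unparsed


# Constructed sample log lines (RFC 5737 documentation addresses for non-IOC clients).
SAMPLE_LOG = """\
64.120.208.75 - - [31/May/2021:10:12:01 +0000] "GET /forum/away.php?s=http://evil.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [31/May/2021:10:12:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [31/May/2021:10:13:09 +0000] "GET /www/adclick.php?bannerid=1 HTTP/1.1" 200 10 "-" "curl/7.68"
203.0.113.4 - - [31/May/2021:10:14:00 +0000] "GET /guestbook/data/gbconfiguration%2Edat HTTP/1.1" 200 412 "http://s1.regulatorfix.com/x" "Mozilla/5.0"
198.51.100.12 - - [31/May/2021:10:15:00 +0000] "GET /xforum/away.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.ip} {h.path} -> {', '.join(h.reasons)}")
    print(f"unparsed lines: {bad}")
```

Three of the six constructed lines produce hits: the IOC client IP requesting /forum/away.php, the /www/adclick.php request (suffix match on the IOA file name), and the percent-encoded gbconfiguration.dat request arriving with an IOC hostname as Referer. The /xforum/away.php line is deliberately not matched, and the unparseable line is counted rather than ignored, since a silently skipped line is how indicators get missed in a real hunt.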

References (3)

The following list contains external sources which discuss the actor and the associated activities:
