ClearFake Analysis

IOB - Indicator of Behavior (66)

Language

en: 62
ru: 4

Activities

Product

Microsoft Visual Studio: 2
DedeBIZ: 2
SourceCodester Loan Management System: 2
Ashwebstudio Ashnews: 2
Microsoft PowerPoint: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ajax Load More Plugin admin-ajax.php sql injection | 6.7 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00534 | 0.00 | CVE-2021-24140 |
| 2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.80 | |
| 3 | Automattic WooCommerce Plugin API webhooks sql injection | 2.7 | 2.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.03282 | 0.07 | CVE-2021-32790 |
| 4 | CodeAstro Simple Loan Management System Login index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00010 | 0.00 | CVE-2024-13038 |
| 5 | SourceCodester Modern Loan Management System search_member.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00074 | 0.06 | CVE-2024-9090 |
| 6 | Tigertom Scripts Ttcalc Script loan.php cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.00507 | 0.00 | CVE-2006-3428 |
| 7 | Horizon Business Services Caterease authentication replay | 7.6 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00071 | 0.06 | CVE-2024-38890 |
| 8 | Rapid7 Metasploit Framework drb_remote_codeexec Exploit deserialization | 5.0 | 4.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00582 | 0.08 | CVE-2020-7385 |
| 9 | SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00050 | 0.00 | CVE-2023-6310 |
| 10 | itsourcecode Loan Management System Login Page login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00185 | 0.00 | CVE-2024-6192 |
| 11 | DedeBIZ Attachment Settings select_images_post.php get_mime_type unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00205 | 0.07 | CVE-2024-7906 |
| 12 | Campcodes Complete Online DJ Booking System aboutus.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00077 | 0.06 | CVE-2024-2720 |
| 13 | Horizon Business Services Caterease TCP Packet sql injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00477 | 0.05 | CVE-2024-38889 |
| 14 | Horizon Business Services Caterease SQL Server xp_cmdshell os command injection | 9.4 | 9.2 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.01851 | 0.00 | CVE-2024-38882 |
| 15 | code-projects Simple Online Hotel Reservation System Make a Reservation Page add_reserve.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00059 | 0.11 | CVE-2024-0504 |
| 16 | code-projects Hotel Management System Available Room hotelnew.c stack-based overflow | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00031 | 0.04 | CVE-2024-12186 |
| 17 | Microsoft Windows Hyper-V integer overflow | 7.8 | 7.4 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.16543 | 0.08 | CVE-2024-38080 |
| 18 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00805 | 0.00 | CVE-2008-0507 |
| 19 | Averta Depicter Slider and Popup Plugin authorization | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00226 | 0.00 | CVE-2024-47359 |
| 20 | NVIDIA GPU/vGPU/Cloud Gaming User Mode Layer out-of-bounds | 7.8 | 7.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00059 | 0.00 | CVE-2024-0118 |

IOC - Indicator of Compromise (24)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/aboutus.php | predictive | High |
| 2 | File | /admin/dialog/select_images_post.php | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /public/launchNewWindow.jsp | predictive | High |
| 6 | File | /student/project_selection/move_up_project.php | predictive | High |
