Cleaver Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 58
it: 4
fr: 2
es: 2
pl: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Apache HTTP Server: 6
Qualcomm Eudora: 2
Oracle Database Server: 2
DZCP deV!L`z Clanportal: 2
Joomla!: 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges; Exp is the exploitability state; Rem is the remediation level; CTI is the threat-intelligence interest score; EPSS is the Exploit Prediction Scoring System probability.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.18 | 0.04187 | CVE-2010-0966 |
| 3 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.08 | 0.01213 | CVE-2010-4996 |
| 4 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10 | 0.01055 | CVE-2009-4935 |
| 5 | BitDefender Endpoint Security Tools EPSecurityService.exe untrusted search path | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.21 | 0.00885 | CVE-2019-17099 |
| 6 | WebsitePanel Login Page Default.aspx input validation | 6.5 | 6.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.06790 | CVE-2012-4032 |
| 7 | Audible App SSL Certificate certificate validation | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-11554 |
| 8 | Oracle Java SE JSSE access control | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02686 | CVE-2018-3180 |
| 9 | Razer Surround RzSurroundVADStreamingService.exe access control | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2019-13142 |
| 10 | Oracle Database Server OJVM access control | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00890 | CVE-2017-10202 |
| 11 | Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage information disclosure | 4.0 | 3.8 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2015-1015 |
| 12 | Qualcomm Eudora Attachment Filename path traversal | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.07687 | CVE-2002-2351 |
| 13 | Oracle Java SE/JRE SunToolkit rt.jar setAccessible privileges management | 9.8 | 9.4 | $100k and more | Calculating | High | Official Fix | 0.00 | 0.92021 | CVE-2012-4681 |
| 14 | Adobe Shockwave Player IML32.dll memory corruption | 10.0 | 9.5 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.01 | 0.03444 | CVE-2010-4089 |
| 15 | Apache HTTP Server WinNT MPM resource management | 7.3 | 6.4 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.04 | 0.07344 | CVE-2014-3523 |
| 16 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.08 | 0.00986 | CVE-2009-0296 |
| 17 | Apache Struts DefaultActionMapper input validation | 6.3 | 5.7 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.01 | 0.28978 | CVE-2013-2248 |
| 18 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2005-3791 |
| 19 | PHP magic_quotes_gpc input validation | 9.8 | 8.5 | $5k-$25k | Calculating | Unproven | Official Fix | 0.00 | 0.03779 | CVE-2012-0831 |
| 20 | Apache HTTP Server Request apr_brigade_flatten input validation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.07344 | CVE-2015-3183 |


Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cleaver

IOC - Indicator of Compromise (40)

These indicators of compromise list associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 23.238.17.181 | s1.regulatorfix.com | Cleaver | Cleaver | verified | High |
| 2 | 50.23.164.161 | a1.a4.1732.ip4.static.sl-reverse.com | Cleaver | Cleaver | verified | High |
| 3 | 64.120.128.154 | | Cleaver | Cleaver | verified | High |
| 4 | 64.120.208.74 | | Cleaver | Cleaver | verified | High |
| 5 | 64.120.208.75 | | Cleaver | Cleaver | verified | High |
| 6 | 64.120.208.76 | | Cleaver | Cleaver | verified | High |
| 7 | 64.120.208.78 | | Cleaver | Cleaver | verified | High |
| 8 | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | Cleaver | Cleaver | verified | High |

Rows 9-40 (32 further indicators, all marked verified/High) are masked in the source.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 (Direct Volume Access) | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 (Command and Scripting Interpreter) | CWE-94 | Code Injection (labelled Cross Site Scripting in the source; CWE-94 is code injection, CWE-79 is cross-site scripting) | predictive | High |

Rows 3-9 are masked in the source.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High |
| 3 | File | adclick.php | predictive | Medium |
| 4 | File | data/gbconfiguration.dat | predictive | High |

Rows 5-25 are masked in the source: 11 further File indicators, 1 Library, 7 Argument and 2 Input Value indicators.
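The unmasked rows of the IOC table (eight IP addresses and three hostnames) and of the IOA table (four file-path fragments) are the part of this profile a defender can act on directly. The following Python is an added example, not VulDB code, showing how to sweep those indicators across proxy, DNS and web-server log lines. The log lines are constructed for the demonstration; the matching rules (exact IP match after address validation, case-insensitive exact hostname match, path-suffix match for absolute IOA fragments and substring match for bare filenames) are this example's own assumptions, not anything the page prescribes.

```python
"""
Sweep the unmasked Cleaver IOCs (IOC rows 1-8) and IOA file fragments (IOA rows 1-4)
across log lines.  Added example, not VulDB's code.  SAMPLE_LOGS are constructed
for the demonstration and are not real traffic.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Network IOCs exactly as listed in the IOC table (rows 1-8).
IOC_IPS = frozenset({
    "23.238.17.181", "50.23.164.161", "64.120.128.154", "64.120.208.74",
    "64.120.208.75", "64.120.208.76", "64.120.208.78", "66.96.252.198",
})
IOC_HOSTNAMES = frozenset({
    "s1.regulatorfix.com",
    "a1.a4.1732.ip4.static.sl-reverse.com",
    "host-66-96-252-198.myrepublic.co.id",
})
# File IOAs (rows 1-4).  Absolute fragments are matched as a path suffix,
# bare filenames anywhere in the request path (assumption of this example).
IOA_PATHS = (
    "/forum/away.php",
    "/home/httpd/cgi-bin/cgi.cgi",
    "adclick.php",
    "gbconfiguration.dat",
)

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
# Request path from an Apache/nginx combined-format request line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str      # "ip", "hostname" or "path"
    value: str


def scan_line(line_no: int, line: str) -> list[Hit]:
    """Return de-duplicated IOC/IOA hits for one log line."""
    hits: list[Hit] = []

    def add(kind: str, value: str) -> None:
        hit = Hit(line_no, kind, value)
        if hit not in hits:
            hits.append(hit)

    for m in IPV4_RE.finditer(line):
        try:
            ip = str(ipaddress.IPv4Address(m.group(0)))  # rejects 999.1.1.1 etc.
        except ValueError:
            continue
        if ip in IOC_IPS:
            add("ip", ip)

    for m in HOST_RE.finditer(line):
        host = m.group(1).lower().rstrip(".")   # normalise case and trailing dot
        if host in IOC_HOSTNAMES:
            add("hostname", host)

    m = REQ_RE.search(line)
    if m:
        path = m.group(1).split("?", 1)[0].lower()   # drop the query string
        for frag in IOA_PATHS:
            if path.endswith(frag) or (not frag.startswith("/") and frag in path):
                add("path", frag)
    return hits


def scan_logs(lines) -> list[Hit]:
    return [h for i, line in enumerate(lines, 1) for h in scan_line(i, line)]


def summarize(hits) -> dict[str, list[str]]:
    """Group matched values by indicator kind, sorted, for a quick triage view."""
    out: dict[str, set[str]] = {}
    for h in hits:
        out.setdefault(h.kind, set()).add(h.value)
    return {k: sorted(v) for k, v in sorted(out.items())}


SAMPLE_LOGS = [  # constructed lines, not real traffic
    "1415664000.123    150 10.0.0.23 TCP_MISS/200 2312 GET http://64.120.208.74/ - HIER_DIRECT/64.120.208.74 text/html",
    "Nov 11 02:14:07 ns1 named[1204]: client 10.0.0.44#53122: query: s1.regulatorfix.com IN A + (10.0.0.1)",
    '203.0.113.9 - - [11/Nov/2014:02:15:31 +0000] "GET /forum/away.php?s=http://evil.example/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [11/Nov/2014:02:16:02 +0000] "GET /guestbook/data/gbconfiguration.dat HTTP/1.1" 200 1288',
    "Nov 11 02:19:44 fw conn 10.0.0.12 -> 66.96.252.198:443 sni=host-66-96-252-198.myrepublic.co.id",
    '10.0.0.5 - - [11/Nov/2014:02:17:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    "Nov 11 02:18:00 ns1 named[1204]: client 10.0.0.44#53123: query: www.example.com IN A + (10.0.0.1)",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.value}")
    print(summarize(scan_logs(SAMPLE_LOGS)))
```

Two caveats apply when running this against real telemetry. Hostname matching is exact by design, so `evil-s1.regulatorfix.com` does not match `s1.regulatorfix.com`; widen it to a parent-domain check only if the infrastructure is known to be under the actor's control at the zone level. Network indicators are time-bound: an IP or hostname that belonged to this infrastructure at one point may since have been reassigned, so treat a hit as a lead to check against the indicator's first-seen and last-seen dates rather than as a confirmed compromise.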

References (3)

The following list contains external sources which discuss the actor and the associated activities:
