Cleaver Analysis

IOB - Indicator of Behavior (69)

Timeline

Language

en | 64
pl | 4
fr | 2

Country

us | 42
ca | 14
nl | 6
pl | 2
fr | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server | 6
Apache Struts | 2
phpMyAdmin | 2
DZCP deV!L`z Clanportal | 2
Intel NUC HDMI Firmware Update Tool | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.59 | CVE-2010-0966
3 | esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.06 | CVE-2010-4996
4 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.62 | CVE-2009-4935
5 | Intel NUC HDMI Firmware Update Tool Installer privilege escalation | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-33089
6 | BitDefender Endpoint Security Tools EPSecurityService.exe privilege escalation | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2019-17099
7 | WebsitePanel Login Page Default.aspx privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2012-4032
8 | Audible App SSL Certificate weak authentication | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.04 | CVE-2019-11554
9 | Oracle Java SE JSSE privilege escalation | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2018-3180
10 | Razer Surround RzSurroundVADStreamingService.exe privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2019-13142
11 | Oracle Database Server OJVM privilege escalation | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00165 | 0.00 | CVE-2017-10202
12 | Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2015-1015
13 | Qualcomm Eudora Attachment Filename directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02237 | 0.00 | CVE-2002-2351
14 | Oracle Java SE/JRE SunToolkit rt.jar setAccessible privilege escalation | 9.8 | 9.4 | $100k or more | $0-$5k | High | Official Fix | 0.97523 | 0.02 | CVE-2012-4681
15 | Adobe Shockwave Player IML32.dll memory corruption | 10.0 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03244 | 0.03 | CVE-2010-4089
16 | Apache HTTP Server WinNT MPM denial of service | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04089 | 0.00 | CVE-2014-3523
17 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
18 | Apache Struts DefaultActionMapper privilege escalation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97189 | 0.00 | CVE-2013-2248
19 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.59 | CVE-2005-3791
20 | PHP magic_quotes_gpc privilege escalation | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00625 | 0.04 | CVE-2012-0831

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cleaver

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

Entries 9-39 are masked on the source page; for those rows the IP address, hostname, actor and campaign fields are kept as the single masked string the page provides.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 23.238.17.181 | s1.regulatorfix.com | Cleaver | Cleaver | 01/01/2021 | verified | High
2 | 50.23.164.161 | a1.a4.1732.ip4.static.sl-reverse.com | Cleaver | Cleaver | 01/01/2021 | verified | High
3 | 64.120.128.154 | | Cleaver | Cleaver | 01/01/2021 | verified | High
4 | 64.120.208.74 | | Cleaver | Cleaver | 31/05/2021 | verified | High
5 | 64.120.208.75 | | Cleaver | Cleaver | 31/05/2021 | verified | High
6 | 64.120.208.76 | | Cleaver | Cleaver | 31/05/2021 | verified | High
7 | 64.120.208.78 | | Cleaver | Cleaver | 31/05/2021 | verified | High
8 | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | Cleaver | Cleaver | 01/01/2021 | verified | High
9 | XX.XXX.XXX.XXXxxxxxxXxxxxxx | 31/05/2021 | verified | High
10 | XX.XXX.XXX.XXXXxxxxxxXxxxxxx | 31/05/2021 | verified | High
11 | XX.XXX.XXX.XXXxxx-xxx-xxx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
12 | XX.XX.XXX.XXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
13 | XX.XX.XXX.XXxxxx.xx-xx-xx-xxx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
14 | XX.XX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
15 | XX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
16 | XX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
17 | XX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
18 | XX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
19 | XX.XXX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
20 | XX.XXX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
21 | XX.XXX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
22 | XX.XXX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
23 | XXX.XXX.XXX.XXXxxxxxxx.xxxxxxxxx.xxxXxxxxxxXxxxxxx | 31/05/2021 | verified | High
24 | XXX.XXX.XXX.XXXxxxxxxxx.xxxxxxxxx.xxxXxxxxxxXxxxxxx | 31/05/2021 | verified | High
25 | XXX.XXX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxXxxxxxx | 31/05/2021 | verified | High
26 | XXX.XXX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
27 | XXX.XXX.XXX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
28 | XXX.XX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
29 | XXX.XX.XXX.XXxxx-xx-xxx-x.xx.xxxxxx.xxxxx-xxxx.xxxxxxxxxx.xxxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
30 | XXX.XX.XXX.XXxxx-xx-xxx-x.xx.xxxxxx.xxxx-xxxxxx.xxxxxxxxxx.xxxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
31 | XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxxxxxx.xxx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
32 | XXX.XXX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
33 | XXX.XX.XXX.XXXXxxxxxxXxxxxxx | 01/01/2021 | verified | High
34 | XXX.XXX.XXX.XXXxxxxxxx.xxxxxxxxxxxx.xxxXxxxxxxXxxxxxx | 31/05/2021 | verified | High
35 | XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxx.xxxXxxxxxxXxxxxxx | 31/05/2021 | verified | High
36 | XXX.XXX.XX.XXXxxxxxxXxxxxxx | 31/05/2021 | verified | High
37 | XXX.XX.XXX.XXxxx.xxxxxx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
38 | XXX.XX.XXX.XXxxxxx.xxxxxxxxxxxx.xxXxxxxxxXxxxxxx | 01/01/2021 | verified | High
39 | XXX.XX.XX.XXXxxxxxxXxxxxxx | 01/01/2021 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

Entries 3-9 are masked on the source page; for those rows the CWE list and the access vector are kept as the single masked string the page provides.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XXXXxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXXXxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXXxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXXXxxxxxxxx Xxxxxx Xxxx | predictive | High
8 | TXXXX.XXX | CWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High
3 | File | adclick.php | predictive | Medium
4 | File | data/gbconfiguration.dat | predictive | High
5 | File | xxxxxxx.xxxx | predictive | Medium
6 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx | predictive | High
9 | File | xxx_xxxxx_xxxx.x | predictive | High
10 | File | xxx_xxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xx.xxx | predictive | Low
13 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxx.xxx | predictive | Medium
15 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
16 | Library | xxxxx.xxx | predictive | Medium
17 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | High
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xxx_xx | predictive | Low
20 | Argument | xxxxxxx | predictive | Low
21 | Argument | xx | predictive | Low
22 | Argument | xxxx | predictive | Low
23 | Argument | xxxxxx | predictive | Low
24 | Input Value | ">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!-- | predictive | High
25 | Input Value | <xxxxxxxx>. | predictive | Medium
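The IOC table (verified network resources) and the IOA table (predictive file fragments) are meant to be matched against your own telemetry. The following Python script is an added example, not code from VulDB or from any Cleaver tooling: it loads the unmasked IOC entries 1-8 and the unmasked IOA file entries 1-4 from the tables above and scans constructed log lines (an Apache-style access log, a BIND-style query log and a UFW firewall line; none of them is real traffic). The masked entries are deliberately not guessed. The triage rule, treating a line with a verified IOC as confirmed and a line with only predictive IOA hits as a lead, is this example's own assumption and mirrors the page's distinction between verified and predictive indicators. IOA fragments are matched on path-segment boundaries so that adclick.php does not fire on /badclick.php.

```python
import re
from dataclasses import dataclass

# Unmasked network IOCs from the IOC table (entries 1-8). Entries 9-39 are
# masked on the source page and are deliberately not reproduced or guessed.
IOC_IPS = frozenset({
    "23.238.17.181", "50.23.164.161", "64.120.128.154",
    "64.120.208.74", "64.120.208.75", "64.120.208.76", "64.120.208.78",
    "66.96.252.198",
})
IOC_HOSTNAMES = frozenset({
    "s1.regulatorfix.com",
    "a1.a4.1732.ip4.static.sl-reverse.com",
    "host-66-96-252-198.myrepublic.co.id",
})
# Unmasked IOA file fragments (entries 1-4) with the confidence the page lists.
# These are predictive indicators, so a match is a lead, not proof of compromise.
IOA_PATHS = {
    "/forum/away.php": "high",
    "/home/httpd/cgi-bin/cgi.cgi": "high",
    "adclick.php": "medium",
    "data/gbconfiguration.dat": "high",
}

IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
HOST_RE = re.compile(r"(?<![\w.-])[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\.?(?![\w-])")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+)')


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc_ip", "ioc_host" or "ioa_path"
    indicator: str
    confidence: str


def path_matches(path: str, fragment: str) -> bool:
    """Match a request path against an IOA fragment on segment boundaries only."""
    path = path.split("?", 1)[0]                 # drop the query string
    if fragment.startswith("/"):
        return path == fragment or path.startswith(fragment + "/")
    return path == "/" + fragment or path.endswith("/" + fragment)


def scan_line(line_no: int, line: str) -> list:
    """Return every IOC/IOA hit found in one log line, whatever its format."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in IOC_IPS:
            hits.append(Hit(line_no, "ioc_ip", ip, "high"))
    for host in HOST_RE.findall(line):
        host = host.rstrip(".").lower()          # DNS logs: trailing dot, mixed case
        if host in IOC_HOSTNAMES:
            hits.append(Hit(line_no, "ioc_host", host, "high"))
    request = REQUEST_RE.search(line)            # only web access logs carry a request
    if request:
        for fragment, confidence in IOA_PATHS.items():
            if path_matches(request.group(1), fragment):
                hits.append(Hit(line_no, "ioa_path", fragment, confidence))
    return hits


def scan(lines) -> list:
    return [hit for n, line in enumerate(lines, 1) for hit in scan_line(n, line)]


def triage(lines) -> dict:
    """Confirmed = a verified IOC is present; lead = only predictive IOA hits."""
    by_line = {}
    for hit in scan(lines):
        by_line.setdefault(hit.line_no, set()).add(hit.kind)
    confirmed = sorted(n for n, kinds in by_line.items() if kinds & {"ioc_ip", "ioc_host"})
    lead = sorted(n for n, kinds in by_line.items() if kinds == {"ioa_path"})
    return {"confirmed": confirmed, "lead": lead}


# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOGS = [
    '23.238.17.181 - - [01/Jan/2021:10:00:00 +0000] "GET /forum/away.php?s=http://s1.regulatorfix.com/x HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /ads/adclick.php?bannerid=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2021:10:00:06 +0000] "GET /badclick.php HTTP/1.1" 404 0',
    'Jan  1 10:00:07 ns1 named[123]: client 10.0.0.5#53211: query: S1.RegulatorFix.com. IN A +',
    'Jan  1 10:00:08 fw kernel: [UFW BLOCK] IN=eth0 SRC=64.120.208.75 DST=10.0.0.2 PROTO=TCP DPT=443',
    '203.0.113.9 - - [01/Jan/2021:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator} ({hit.confidence})")
    print(triage(SAMPLE_LOGS))
```

Running the script against the sample lines flags line 1 three times (source IP, hostname in the redirect parameter, and the /forum/away.php fragment), line 2 once on adclick.php as a medium-confidence lead, line 4 on the DNS query and line 5 on the firewall source address, and nothing on lines 3 and 6. When the masked IOC entries become available, they are added to the two sets without any other change.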

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
