Cleaver Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Idioma

en	62
pl	4
es	2
it	2

País

us	50
ca	6
ir	4
es	2
pl	2

Actores

Cleaver	4
Conti	1
Cobalt Strike	1
APT33	1

Interesar

Escribe

Not Defined	16
Web Server	10
Programming Language Software	6
Android App Software	2
Content Management System	2

Proveedor

Not Defined	16
Apache	10
Esoftpro	2
esoftpro	2
Thomas R. Pasawicz	2

Producto

Apache HTTP Server	10
PHP	4
phpPgAds	2
Audible App	2
Joomla!	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.81	CVE-2010-0966
3	esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00135	0.04	CVE-2010-4996
4	Esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	0.85	CVE-2009-4935
5	Intel NUC HDMI Firmware Update Tool Installer escalada de privilegios	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-33089
6	BitDefender Endpoint Security Tools EPSecurityService.exe escalada de privilegios	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.04	CVE-2019-17099
7	WebsitePanel Login Page Default.aspx escalada de privilegios	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00663	0.00	CVE-2012-4032
8	Audible App SSL Certificate autenticación débil	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.04	CVE-2019-11554
9	Oracle Java SE JSSE escalada de privilegios	5.6	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00209	0.00	CVE-2018-3180
10	Razer Surround RzSurroundVADStreamingService.exe escalada de privilegios	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2019-13142
11	Oracle Database Server OJVM escalada de privilegios	9.9	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00165	0.00	CVE-2017-10202
12	Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage divulgación de información	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2015-1015
13	Qualcomm Eudora Attachment Filename directory traversal	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02237	0.00	CVE-2002-2351
14	Oracle Java SE/JRE SunToolkit rt.jar setAccessible escalada de privilegios	9.8	9.4	$100k y más	$0-$5k	High	Official Fix	0.97523	0.02	CVE-2012-4681
15	Adobe Shockwave Player IML32.dll desbordamiento de búfer	10.0	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03244	0.03	CVE-2010-4089
16	Apache HTTP Server WinNT MPM denegación de servicio	7.3	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04089	0.00	CVE-2014-3523
17	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
18	Apache Struts DefaultActionMapper escalada de privilegios	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97189	0.00	CVE-2013-2248
19	phpPgAds adclick.php vulnerabilidad desconocida	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	1.32	CVE-2005-3791
20	PHP magic_quotes_gpc escalada de privilegios	9.8	8.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00625	0.04	CVE-2012-0831

Campañas (1)

These are the campaigns that can be associated with the actor:

Cleaver

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	23.238.17.181	s1.regulatorfix.com	Cleaver	Cleaver	2021-01-01	verified	Alto
2	50.23.164.161	a1.a4.1732.ip4.static.sl-reverse.com	Cleaver	Cleaver	2021-01-01	verified	Alto
3	64.120.128.154		Cleaver	Cleaver	2021-01-01	verified	Alto
4	64.120.208.74		Cleaver	Cleaver	2021-05-31	verified	Alto
5	64.120.208.75		Cleaver	Cleaver	2021-05-31	verified	Alto
6	64.120.208.76		Cleaver	Cleaver	2021-05-31	verified	Alto
7	64.120.208.78		Cleaver	Cleaver	2021-05-31	verified	Alto
8	66.96.252.198	host-66-96-252-198.myrepublic.co.id	Cleaver	Cleaver	2021-01-01	verified	Alto
9	XX.XXX.XXX.XX		Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
10	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
11	XX.XXX.XXX.XXX	xxx-xxx-xxx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
12	XX.XX.XXX.XX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
13	XX.XX.XXX.XX	xxxx.xx-xx-xx-xxx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
14	XX.XX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
15	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
16	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
17	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
18	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
19	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
20	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
21	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
22	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
23	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
24	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
25	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
26	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
27	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
28	XXX.XX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
29	XXX.XX.XXX.XX	xxx-xx-xxx-x.xx.xxxxxx.xxxxx-xxxx.xxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
30	XXX.XX.XXX.XX	xxx-xx-xxx-x.xx.xxxxxx.xxxx-xxxxxx.xxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
31	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
32	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
33	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
34	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
35	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxx	Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
36	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxx	2021-05-31	verified	Alto
37	XXX.XX.XXX.XX	xxx.xxxxxx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
38	XXX.XX.XXX.XX	xxxxx.xxxxxxxxxxxx.xx	Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto
39	XXX.XX.XX.XX		Xxxxxxx	Xxxxxxx	2021-01-01	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/forum/away.php	predictive	Alto
2	File	/home/httpd/cgi-bin/cgi.cgi	predictive	Alto
3	File	adclick.php	predictive	Medio
4	File	data/gbconfiguration.dat	predictive	Alto
5	File	xxxxxxx.xxxx	predictive	Medio
6	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxx/xxxxxx.xxx	predictive	Alto
8	File	xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx	predictive	Alto
9	File	xxx_xxxxx_xxxx.x	predictive	Alto
10	File	xxx_xxxx.xxx	predictive	Medio
11	File	xxxxx.xxx	predictive	Medio
12	File	xx.xxx	predictive	Bajo
13	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
14	File	xxxx.xxx	predictive	Medio
15	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
16	Library	xxxxx.xxx	predictive	Medio
17	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	Alto
18	Argument	xxxxxxxx	predictive	Medio
19	Argument	xxx_xx	predictive	Bajo
20	Argument	xxxxxxx	predictive	Bajo
21	Argument	xx	predictive	Bajo
22	Argument	xxxx	predictive	Bajo
23	Argument	xxxxxx	predictive	Bajo
24	Input Value	">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--	predictive	Alto
25	Input Value	<xxxxxxxx>.	predictive	Medio

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!