Cleaver Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Langue

en	64
pl	4
it	2

De campagne

us	42
nl	8
ca	8
gb	2
it	2

Acteurs

Cleaver	5
Conti	1
Cobalt Strike	1
APT33	1

Intérêt

Taper

Not Defined	10
Web Server	6
Programming Language Software	6
Content Management System	4
Multimedia Player Software	2

Fournisseur

Not Defined	14
Apache	8
Thomas R. Pasawicz	2
Adobe	2
Oracle	2

Produit

Apache HTTP Server	6
PHP	4
Thomas R. Pasawicz HyperBook Guestbook	2
Adobe Shockwave Player	2
LimeSurvey	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.20	CVE-2010-0966
3	esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00135	0.05	CVE-2010-4996
4	Esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	1.11	CVE-2009-4935
5	Intel NUC HDMI Firmware Update Tool Installer elévation de privilèges	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-33089
6	BitDefender Endpoint Security Tools EPSecurityService.exe elévation de privilèges	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.04	CVE-2019-17099
7	WebsitePanel Login Page Default.aspx elévation de privilèges	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00663	0.00	CVE-2012-4032
8	Audible App SSL Certificate authentification faible	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.04	CVE-2019-11554
9	Oracle Java SE JSSE elévation de privilèges	5.6	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00209	0.00	CVE-2018-3180
10	Razer Surround RzSurroundVADStreamingService.exe elévation de privilèges	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2019-13142
11	Oracle Database Server OJVM elévation de privilèges	9.9	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00165	0.00	CVE-2017-10202
12	Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage divulgation de l'information	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2015-1015
13	Qualcomm Eudora Attachment Filename directory traversal	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02237	0.00	CVE-2002-2351
14	Oracle Java SE/JRE SunToolkit rt.jar setAccessible elévation de privilèges	9.8	9.4	$100k et plus	$0-$5k	High	Official Fix	0.97523	0.02	CVE-2012-4681
15	Adobe Shockwave Player IML32.dll buffer overflow	10.0	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03244	0.03	CVE-2010-4089
16	Apache HTTP Server WinNT MPM dénie de service	7.3	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04089	0.00	CVE-2014-3523
17	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
18	Apache Struts DefaultActionMapper elévation de privilèges	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97189	0.00	CVE-2013-2248
19	phpPgAds adclick.php vulnérabilité inconnue	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	1.02	CVE-2005-3791
20	PHP magic_quotes_gpc elévation de privilèges	9.8	8.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00625	0.04	CVE-2012-0831

Campagnes (1)

These are the campaigns that can be associated with the actor:

Cleaver

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	23.238.17.181	s1.regulatorfix.com	Cleaver	Cleaver	01/01/2021	verified	Élevé
2	50.23.164.161	a1.a4.1732.ip4.static.sl-reverse.com	Cleaver	Cleaver	01/01/2021	verified	Élevé
3	64.120.128.154		Cleaver	Cleaver	01/01/2021	verified	Élevé
4	64.120.208.74		Cleaver	Cleaver	31/05/2021	verified	Élevé
5	64.120.208.75		Cleaver	Cleaver	31/05/2021	verified	Élevé
6	64.120.208.76		Cleaver	Cleaver	31/05/2021	verified	Élevé
7	64.120.208.78		Cleaver	Cleaver	31/05/2021	verified	Élevé
8	66.96.252.198	host-66-96-252-198.myrepublic.co.id	Cleaver	Cleaver	01/01/2021	verified	Élevé
9	XX.XXX.XXX.XX		Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
10	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
11	XX.XXX.XXX.XXX	xxx-xxx-xxx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
12	XX.XX.XXX.XX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
13	XX.XX.XXX.XX	xxxx.xx-xx-xx-xxx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
14	XX.XX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
15	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
16	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
17	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
18	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
19	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
20	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
21	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
22	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
23	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
24	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
25	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
26	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
27	XXX.XXX.XXX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
28	XXX.XX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
29	XXX.XX.XXX.XX	xxx-xx-xxx-x.xx.xxxxxx.xxxxx-xxxx.xxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
30	XXX.XX.XXX.XX	xxx-xx-xxx-x.xx.xxxxxx.xxxx-xxxxxx.xxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
31	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
32	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
33	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
34	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
35	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxx	Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
36	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxx	31/05/2021	verified	Élevé
37	XXX.XX.XXX.XX	xxx.xxxxxx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
38	XXX.XX.XXX.XX	xxxxx.xxxxxxxxxxxx.xx	Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé
39	XXX.XX.XX.XX		Xxxxxxx	Xxxxxxx	01/01/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Élevé
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/forum/away.php	predictive	Élevé
2	File	/home/httpd/cgi-bin/cgi.cgi	predictive	Élevé
3	File	adclick.php	predictive	Moyen
4	File	data/gbconfiguration.dat	predictive	Élevé
5	File	xxxxxxx.xxxx	predictive	Moyen
6	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
7	File	xxx/xxxxxx.xxx	predictive	Élevé
8	File	xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx	predictive	Élevé
9	File	xxx_xxxxx_xxxx.x	predictive	Élevé
10	File	xxx_xxxx.xxx	predictive	Moyen
11	File	xxxxx.xxx	predictive	Moyen
12	File	xx.xxx	predictive	Faible
13	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
14	File	xxxx.xxx	predictive	Moyen
15	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Élevé
16	Library	xxxxx.xxx	predictive	Moyen
17	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	Élevé
18	Argument	xxxxxxxx	predictive	Moyen
19	Argument	xxx_xx	predictive	Faible
20	Argument	xxxxxxx	predictive	Faible
21	Argument	xx	predictive	Faible
22	Argument	xxxx	predictive	Faible
23	Argument	xxxxxx	predictive	Faible
24	Input Value	">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--	predictive	Élevé
25	Input Value	<xxxxxxxx>.	predictive	Moyen

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!