Cleaver Analysis

IOB - Indicator of Behavior (69)

Language

  • en: 64
  • pl: 2
  • fr: 2
  • es: 2

Product

  • Oracle Java SE: 4
  • PHP: 4
  • Thomas R. Pasawicz HyperBook Guestbook: 2
  • phpMyAdmin: 2
  • LimeSurvey: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
--|---------------|------|------|------|-------|---------|-----|------|-----|----
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.52 | CVE-2010-0966
3 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.02 | CVE-2010-4996
4 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.07 | CVE-2009-4935
5 | Intel NUC HDMI Firmware Update Tool Installer privilege escalation | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-33089
6 | BitDefender Endpoint Security Tools EPSecurityService.exe privilege escalation | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2019-17099
7 | WebsitePanel Login Page Default.aspx privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2012-4032
8 | Audible App SSL Certificate weak authentication | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.04 | CVE-2019-11554
9 | Oracle Java SE JSSE privilege escalation | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2018-3180
10 | Razer Surround RzSurroundVADStreamingService.exe privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2019-13142
11 | Oracle Database Server OJVM privilege escalation | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00165 | 0.03 | CVE-2017-10202
12 | Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC Password Storage information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2015-1015
13 | Qualcomm Eudora Attachment Filename directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02237 | 0.00 | CVE-2002-2351
14 | Oracle Java SE/JRE SunToolkit rt.jar setAccessible privilege escalation | 9.8 | 9.4 | $100k and more | $0-$5k | High | Official Fix | 0.97523 | 0.02 | CVE-2012-4681
15 | Adobe Shockwave Player IML32.dll memory corruption | 10.0 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03244 | 0.03 | CVE-2010-4089
16 | Apache HTTP Server WinNT MPM denial of service | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04089 | 0.00 | CVE-2014-3523
17 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
18 | Apache Struts DefaultActionMapper privilege escalation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97189 | 0.00 | CVE-2013-2248
19 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.52 | CVE-2005-3791
20 | PHP magic_quotes_gpc privilege escalation | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00625 | 0.04 | CVE-2012-0831

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cleaver

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
---|------------|----------|-------|----------|------------|------|-----------
1 | 23.238.17.181 | s1.regulatorfix.com | Cleaver | Cleaver | 2021-01-01 | | verified
2 | 50.23.164.161 | a1.a4.1732.ip4.static.sl-reverse.com | Cleaver | Cleaver | 2021-01-01 | | verified
3 | 64.120.128.154 | | Cleaver | Cleaver | 2021-01-01 | | verified
4 | 64.120.208.74 | | Cleaver | Cleaver | 2021-05-31 | | verified
5 | 64.120.208.75 | | Cleaver | Cleaver | 2021-05-31 | | verified
6 | 64.120.208.76 | | Cleaver | Cleaver | 2021-05-31 | | verified
7 | 64.120.208.78 | | Cleaver | Cleaver | 2021-05-31 | | verified
8 | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | Cleaver | Cleaver | 2021-01-01 | | verified
9 | XX.XXX.XXX.XX | | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
10 | XX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
11 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
12 | XX.XX.XXX.XX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
13 | XX.XX.XXX.XX | xxxx.xx-xx-xx-xxx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
14 | XX.XX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
15 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
16 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
17 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
18 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxx.xxxxxxxxxx.xx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
19 | XX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
20 | XX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
21 | XX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
22 | XX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
23 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
24 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
25 | XXX.XXX.XXX.XXX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
26 | XXX.XXX.XXX.XXX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
27 | XXX.XXX.XXX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
28 | XXX.XX.XXX.XXX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
29 | XXX.XX.XXX.XX | xxx-xx-xxx-x.xx.xxxxxx.xxxxx-xxxx.xxxxxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
30 | XXX.XX.XXX.XX | xxx-xx-xxx-x.xx.xxxxxx.xxxx-xxxxxx.xxxxxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
31 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
32 | XXX.XXX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
33 | XXX.XX.XXX.XXX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
34 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
35 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxx.xxx | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
36 | XXX.XXX.XX.XX | | Xxxxxxx | Xxxxxxx | 2021-05-31 | | verified
37 | XXX.XX.XXX.XX | xxx.xxxxxx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
38 | XXX.XX.XXX.XX | xxxxx.xxxxxxxxxxxx.xx | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified
39 | XXX.XX.XX.XX | | Xxxxxxx | Xxxxxxx | 2021-01-01 | | verified

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | /forum/away.php | | predictive
2 | File | /home/httpd/cgi-bin/cgi.cgi | | predictive
3 | File | adclick.php | | predictive
4 | File | data/gbconfiguration.dat | | predictive
5 | File | xxxxxxx.xxxx | | predictive
6 | File | xxxxxxxxxxxxxxxxx.xxx | | predictive
7 | File | xxx/xxxxxx.xxx | | predictive
8 | File | xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx | | predictive
9 | File | xxx_xxxxx_xxxx.x | | predictive
10 | File | xxx_xxxx.xxx | | predictive
11 | File | xxxxx.xxx | | predictive
12 | File | xx.xxx | | predictive
13 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | | predictive
14 | File | xxxx.xxx | | predictive
15 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | | predictive
16 | Library | xxxxx.xxx | | predictive
17 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | | predictive
18 | Argument | xxxxxxxx | | predictive
19 | Argument | xxx_xx | | predictive
20 | Argument | xxxxxxx | | predictive
21 | Argument | xx | | predictive
22 | Argument | xxxx | | predictive
23 | Argument | xxxxxx | | predictive
24 | Input Value | ">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!-- | | predictive
25 | Input Value | <xxxxxxxx>. | | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
