Cleo Software Actively Being Exploited in the Wild | Huntress
Tags
country: Canada Chad Netherlands Lithuania Moldova United States Of America
attack-pattern: Model Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 8909d8d2-0e7d-446f-a784-1dd93ba8b427
Fingerprint 91071a55a5b7ca83
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 1, 2024, midnight
Added to db Dec. 10, 2024, 4:33 a.m.
Last updated Dec. 18, 2024, 8:24 p.m.
Headline Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild
Title Cleo Software Actively Being Exploited in the Wild | Huntress
Detected Hints/Tags/Attributes 46/2/18
Source URLs
Redirection Url
Details Source https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
URL Provider
Details Provider Source level domain
Details huntress.com www.huntress.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 318 Huntress Blog https://www.huntress.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 48 
cve-2024-50623
Details File 2 
c:\lexicom\logs\lexicom.xml
Details File 10 
healthchecktemplate.txt
Details File 8 
healthcheck.txt
Details File 2 
lexicom6836057879780436035.tmp
Details File 1 
mail.xml
Details File 12 
main.xml
Details File 1 
lexicom.db
Details File 55 
nltest.exe
Details File 4 
60282967-dc91-40ef-a34c-38e992509c2c.xml
Details IPv4 29 
5.8.0.21
Details IPv4 3 
5.8.0.0
Details IPv4 5 
176.123.5.126
Details IPv4 6 
5.149.249.226
Details IPv4 6 
185.181.230.103
Details IPv4 4 
209.127.12.38
Details IPv4 6 
181.214.147.164
Details IPv4 7 
192.119.99.42