Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf
Common Information
Type Value
UUID cf75f0da-67bb-4431-ab07-fbec4daf95f1
Fingerprint 37cbb890fdb48f87
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 12, 2024, 6:02 p.m.
Added to db Dec. 13, 2024, 5:08 p.m.
Last updated Dec. 19, 2024, 4:58 a.m.
Headline Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software
Title Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf
Detected Hints/Tags/Attributes 97/3/58
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 16 Arctic Wolf https://arcticwolf.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 263
cve-2023-34362
Details CVE 48
cve-2024-50623
Details Domain 245
system.io
Details Domain 2
this.host
Details Domain 4
this.run
Details File 8
healthcheck.txt
Details File 10
healthchecktemplate.txt
Details File 12
main.xml
Details File 2283
cmd.exe
Details File 92
java.exe
Details File 2
top.xml
Details File 2
options.xml
Details sha256 3
6705eea898ef1155417361fa71b1078b7aaab61e7597d2a080aa38df4ad87b1c
Details MITRE ATT&CK Techniques 586
T1190
Details MITRE ATT&CK Techniques 739
T1059
Details MITRE ATT&CK Techniques 1056
T1082
Details MITRE ATT&CK Techniques 242
T1033
Details MITRE ATT&CK Techniques 190
T1135
Details MITRE ATT&CK Techniques 126
T1049