Description
[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)
Techniques Used (TTPs)
- T1003.001 — LSASS Memory (credential-access)
- T1557.002 — ARP Cache Poisoning (credential-access, collection)
- T1588.002 — Tool (resource-development)
- T1587.001 — Malware (resource-development)
- T1585.001 — Social Media Accounts (resource-development)
Total TTPs: 5
Malware & Tools
Malware: Net Crawler, TinyZBot