🇮🇷
Cleaver
APT Group
Information theft and espionage
4 zero-day CVEs
ETDA ✓
Also Known As 6 names
Operation Cleaver
Op Cleaver
Tarh Andishan
Alibaba
TG-2889
G0003
Target Countries 28
United Arab Emirates
Albania
Azerbaijan
Bahrain
Canada
China
Czech Republic
Germany
Egypt
France
United Kingdom
Israel
India
Iraq
Islamic Republic of Iran
Jordan
Republic of Korea
Kuwait
Lebanon
Mauritius
Mexico
Oman
Pakistan
Qatar
Saudi Arabia
Turkey
United States
Uruguay
Sectors Targeted
Hospitality
IT
Private sector
Grantmaking and Giving Services (NAICS 8132)
Motor Vehicle Manufacturing (NAICS 3361)
Data Processing, Hosting, and Related Services (NAICS 51821)
Energy
Aviation
Education
Defense
Computer Systems Design and Related Services (NAICS 54151)
Oil and gas
High-Tech
Telecommunications
Computer Systems Design Services (NAICS 541512)
Government
Motion Picture and Video Production (NAICS 51211)
Computer Systems Design and Related Services (NAICS 5415)
National Security and International Affairs (NAICS 9281)
Tour Operators (NAICS 561520)
Management, Scientific, and Technical Consulting Services (NAICS 5416)
National Security and International Affairs (NAICS 928110)
Financial
Finance
Chemical
Details
Origin
🇮🇷 IR
Last Updated
29 Dec 2025
Malware Families 23
redcap
csext
google_drive_rat
zhmimikatz
js.ether_rat
nautilus
unidentified_095
dustman
neuron
STEALHOOK
pickpocket
jason
saitama
valuevault
longwatch
spynote
jasus
twoface
alma_communicator
kagent
karkoff
tonedeaf
ismagent
MITRE ATT&CK 129
T1003
T1003.001
T1003.004
T1003.005
T1005
T1007
T1008
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021
T1021.001
T1021.004
T1025
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.005
T1027.013
T1033 - System Owner/User Discovery
T1036
T1036.005 - Match Legitimate Name or Location
T1046
T1047
T1048
T1048.003
T1049 - System Network Connections Discovery
T1053
T1053.005
T1055 - Process Injection
T1056
T1056.001
T1057
T1059
T1059.001
T1059.003 - Windows Command Shell
T1059.005
T1059.007 - JavaScript
T1068
T1069 - Permission Groups Discovery
T1069.001
T1069.002
T1070
T1070.004
T1071
T1071.001 - Web Protocols
T1071.004
T1074
T1074.001
T1078
T1078.002
T1082 - System Information Discovery
T1087
T1087.001
T1087.002
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1112
T1113 - Screen Capture
T1115
T1119
T1120
T1132
T1132.001
T1133
T1137
T1137.004
T1140 - Deobfuscate/Decode Files or Information
T1195
T1201
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1217
T1218
T1218.001
T1218.007 - Msiexec
T1219
T1497 - Virtualization/Sandbox Evasion
T1497.001
T1505
T1505.003
T1518
T1518.001 - Security Software Discovery
T1543
T1543.003
T1552
T1552.001
T1553
T1553.002
T1555
T1555.003
T1555.004
T1556
T1556.002
T1557
T1557.002
T1562
T1562.004
T1564.003 - Hidden Window
T1566 - Phishing
T1566.001
T1566.002
T1566.003
T1568 - Dynamic Resolution
T1572
T1573 - Encrypted Channel
T1573.002
T1574 - Hijack Execution Flow
T1583
T1583.001
T1584
T1584.004
T1585
T1585.001
T1585.003
T1586
T1586.002
T1587
T1587.001
T1588
T1588.002
T1588.003
T1608
T1608.001
T1686
T1686.003