UNC2596 Analysis

IOB - Indicator of Behavior (98)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 82
pl: 6
it: 4
fr: 4
es: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

MyBB: 4
Oracle iSupplier Portal: 2
McAfee Security-as-a-Service: 2
Rubetek RV-3406: 2
Rubetek RV-3409: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.10 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821 |
| 4 | Wachipi WP Events Calendar Plugin event.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00285 | 0.00 | CVE-2018-5315 |
| 5 | Bartels-schoene ConPresso firma.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-2124 |
| 6 | SamTodo dsp_main.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.00 | CVE-2008-2563 |
| 7 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 8 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00299 | 0.04 | CVE-2017-9735 |
| 9 | Google Chrome Flash Player memory corruption | 9.9 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00645 | 0.00 | CVE-2012-0724 |
| 10 | QEMU pcie_sriov.c register_vfs buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-26327 |
| 11 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.08 | CVE-2018-10245 |
| 12 | Apache UIMA DUCC command injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Unavailable | 0.00142 | 0.03 | CVE-2023-28935 |
| 13 | e-Quick Cart shoptellafriend.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 | |
| 14 | e-Quick Cart shoptellafriend.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 15 | iamdroppy phoenixcf articles.cfm sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.04 | CVE-2011-10001 |
| 16 | SourceCodester Online Discussion Forum Site manage_category.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00067 | 0.07 | CVE-2023-3146 |
| 17 | codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.13 | CVE-2023-0918 |
| 18 | Bandmin index.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01154 | 0.00 | CVE-2003-0416 |
| 19 | AL-Caricatier ss.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02017 | 0.02 | CVE-2005-4653 |
| 20 | Tim Rohrer Wordpress Spreadsheet Plugin ss_handler.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00207 | 0.02 | CVE-2014-8364 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cuba

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /index.php | predictive | Medium |
| 3 | File | /supervisor/procesa_carga.php | predictive | High |
| 4 | File | /wireless/basic.asp | predictive | High |
| 5 | File | action.php | predictive | Medium |
| 6 | File | add.php | predictive | Low |
| 7 | File | administrator.php | predictive | High |
| 8 | File | admin\categories\manage_category.php | predictive | High |
| 9 | File | agents.php | predictive | Medium |
| 10 | File | AGENTS/index.php | predictive | High |
| 11 | File | awstats.pl | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities: