UNC2596 Analysis

IOB - Indicator of Behavior (49)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 42
it | 4
fr | 2
pl | 2


Country

Country | Count
us | 44
ru | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
dotProject | 4
Rubetek RV-3406 | 2
Rubetek RV-3409 | 2
Rubetek RV-3411 | 2
Wechat Broadcast Plugin | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.42 | 0.04187 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
3 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2010-1821
4 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | -
5 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03779 | CVE-2017-9735
6 | Google Chrome Flash Player memory corruption | 9.9 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.01202 | CVE-2012-0724
7 | ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02 | 0.29468 | CVE-2021-25681
8 | SourceCodester Loan Management System index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00885 | CVE-2022-2766
9 | Apache HTTP Server HTTP2 Request request smuggling | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.05242 | CVE-2020-9490
10 | Rubetek RV-3406/RV-3409/RV-3411 Telnet Service hard-coded password | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.01055 | CVE-2020-25749
11 | Edgewall Software Trac cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01213 | CVE-2007-1405
12 | Media Library Assistant Plugin cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2020-11731
13 | media-library-assistant Plugin mla_gallery injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01156 | CVE-2020-11928
14 | Wechat Broadcast Plugin Image.php path traversal | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.08382 | CVE-2018-16283
15 | Acresso FLEXnet Connect ActiveX Control MSVNClientDownloadManager61Lib.DownloadManager.1 Remote Code Execution | 9.8 | 9.3 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.11409 | CVE-2008-4587
16 | McAfee Security-as-a-Service MyCioScan.Scan.ShowReport() myCIOScn.dll MyCioScan.Scan.ShowReport privileges management | 7.5 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | -
17 | UseBB panel_login.php Type Juggling type confusion | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2020-8088
18 | Oracle iSupplier Portal Attachments Local Privilege Escalation | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2019-2583
19 | Logaritmo Logaritmo Aware CallManager File Upload procesa_carga.php unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-20385
20 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.04386 | CVE-2004-0300

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cuba

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | TXXXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | XXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | XXxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | XXxxxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | XXxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /index.php | predictive | Medium
2 | File | /supervisor/procesa_carga.php | predictive | High
3 | File | check.php | predictive | Medium
4 | File | xxxxx.xxx | predictive | Medium
5 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxx_xxxxx.xxx | predictive | High
9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High
10 | File | xxxx.xxx | predictive | Medium
11 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
12 | Library | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.x | predictive | High
13 | Library | xxxxxxxx.xxx | predictive | Medium
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxxxxx | predictive | Medium
17 | Argument | xx | predictive | Low
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx | predictive | High
20 | Argument | xxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
