UNC2596 Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response and prioritization of issues become possible.

Lang

  • en: 41
  • pl: 2
  • it: 2
  • fr: 1
  • de: 1

Country

  • us: 41
  • nz: 2
  • cn: 1

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.47 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 3 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2010-1821 |
| 4 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | |
| 5 | Jetty Login Password.java information disclosure | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-9735 |
| 6 | Google Chrome Flash Player memory corruption | 9.9 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2012-0724 |
| 7 | Apache HTTP Server HTTP2 Request request smuggling | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-9490 |
| 8 | Rubetek RV-3406/RV-3409/RV-3411 Telnet Service hard-coded password | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-25749 |
| 9 | Edgewall Software Trac cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2007-1405 |
| 10 | Media Library Assistant Plugin cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-11731 |
| 11 | media-library-assistant Plugin mla_gallery injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-11928 |
| 12 | Wechat Broadcast Plugin Image.php path traversal | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2018-16283 |
| 13 | Acresso FLEXnet Connect ActiveX Control MSVNClientDownloadManager61Lib.DownloadManager.1 Remote Code Execution | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2008-4587 |
| 14 | McAfee Security-as-a-Service MyCioScan.Scan.ShowReport() myCIOScn.dll MyCioScan.Scan.ShowReport privileges management | 7.5 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | |
| 15 | UseBB panel_login.php Type Juggling type confusion | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-8088 |
| 16 | Oracle iSupplier Portal Attachments Local Privilege Escalation | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-2583 |
| 17 | Logaritmo Logaritmo Aware CallManager File Upload procesa_carga.php unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20385 |
| 18 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2004-0300 |
| 19 | MikroTik RouterOS SMB memory corruption | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2018-7445 |
| 20 | Google Android NVIDIA libnvomx out-of-bounds write | 6.5 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2017-6286 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cuba

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /supervisor/procesa_carga.php | predictive | High |
| 2 | File | check.php | predictive | Medium |
| 3 | File | count.cgi | predictive | Medium |
| 4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxx/xxxxxx.xxx | predictive | High |
| 7 | File | xxxxx_xxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 9 | File | xxxx.xxx | predictive | Medium |
| 10 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 11 | Library | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.x | predictive | High |
| 12 | Library | xxxxxxxx.xxx | predictive | Medium |
| 13 | Argument | xxxxxxx | predictive | Low |
| 14 | Argument | xxxxxxxx | predictive | Medium |
| 15 | Argument | xxxxxxxx | predictive | Medium |
| 16 | Argument | xx | predictive | Low |
| 17 | Argument | xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx | predictive | High |
| 18 | Argument | xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities: