UNC2596 Analysis

IOB - Indicator of Behavior (98)

Language

  • en: 82
  • it: 6
  • de: 4
  • fr: 2
  • pl: 2

Product

  • DeluxeBB: 4
  • SourceCodester Medical Certificate Generator App: 4
  • Oracle iSupplier Portal: 2
  • Coppermine Photo Gallery: 2
  • e-Vision CMS: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.36 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Apple Mac OS X Server privilege escalation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821 |
| 4 | Wachipi WP Events Calendar Plugin event.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00285 | 0.00 | CVE-2018-5315 |
| 5 | Bartels-schoene ConPresso firma.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-2124 |
| 6 | SamTodo dsp_main.php cross site scripting | 4.3 | 4.2 | $0-$5k | Calculating | High | Unavailable | 0.00254 | 0.00 | CVE-2008-2563 |
| 7 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 8 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00299 | 0.03 | CVE-2017-9735 |
| 9 | Google Chrome Flash Player buffer overflow | 9.9 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00645 | 0.00 | CVE-2012-0724 |
| 10 | QEMU pcie_sriov.c register_vfs buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-26327 |
| 11 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.35 | CVE-2018-10245 |
| 12 | Apache UIMA DUCC privilege escalation | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Unavailable | 0.00142 | 0.03 | CVE-2023-28935 |
| 13 | e-Quick Cart shoptellafriend.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 | |
| 14 | e-Quick Cart shoptellafriend.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 15 | iamdroppy phoenixcf articles.cfm sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.06 | CVE-2011-10001 |
| 16 | SourceCodester Online Discussion Forum Site manage_category.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00067 | 0.00 | CVE-2023-3146 |
| 17 | codeprojects Pharmacy Management System Avatar Image add.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.05 | CVE-2023-0918 |
| 18 | Bandmin index.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01154 | 0.02 | CVE-2003-0416 |
| 19 | AL-Caricatier ss.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02017 | 0.02 | CVE-2005-4653 |
| 20 | Tim Rohrer Wordpress Spreadsheet Plugin ss_handler.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00207 | 0.02 | CVE-2014-8364 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cuba

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /index.php | predictive | Medium |
| 3 | File | /supervisor/procesa_carga.php | predictive | High |
| 4 | File | /wireless/basic.asp | predictive | High |
| 5 | File | action.php | predictive | Medium |
| 6 | File | add.php | predictive | Low |
| 7 | File | administrator.php | predictive | High |
| 8 | File | admin\categories\manage_category.php | predictive | High |
| 9 | File | agents.php | predictive | Medium |
| 10 | File | AGENTS/index.php | predictive | High |
| 11 | File | awstats.pl | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
