Cuba Ransomware Operations Exploit Microsoft Exchange Bugs to Gain Initial Access to Corporate Networks
WHITE Malware Advisory SVThreatIntel 2022-03-02 Modified: 2022-04-01
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices. Researchers track the ransomware gang as UNC2596 and the ransomware as COLDDRAW, which is more commonly known as Cuba.

Victimology

Victims include utility providers, government agencies, and organizations that support non-profits and healthcare entities. However, they have not been observed attacking hospitals or entities that provide urgent care. Around 80% of impacted victim organizations are based in North America, but they have also impacted several countries in Europe and other regions.
Indicators of Compromise (97)