UNC6691

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to intrusion sets

· Published 03/03/2026 17:44 · Modified 03/03/2026 17:44 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 03/03/2026 17:44
Modified: 03/03/2026 17:44
Updated at: 03/03/2026 17:44
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 18 attack patterns (mitre), 2 malware, 1 sectors, 1 countries, 135 indicators, 12 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Coruna: The Mysterious Journey of a Powerful iOS …

12 CVEs 14 MITREs 2 Malwares 77 Observables 1 APT

Attack patterns (MITRE) (18)

T1083 uses

File and Directory Discovery MITRE
T1056 uses

Input Capture MITRE
T1082 uses

System Information Discovery MITRE
T1203 uses

Exploitation for Client Execution MITRE
T1555 uses

Credentials from Password Stores MITRE
T1106 uses

Native API MITRE
T1064 uses

Scripting MITRE
T1213 uses

Data from Information Repositories MITRE
T1055 uses

Process Injection MITRE
Inter-Process Communication uses

T1559 MITRE
T1583 uses

Acquire Infrastructure MITRE
T1608 uses

Stage Capabilities MITRE

← Previous

Page / 2

1–12 of 18

PLASMAGRID uses

Family
Coruna uses

Family

Sectors (1)

Finance targets

Countries (1)

Ukraine targets

Indicators (135)

1fb9dedf1de81d387eff4bd5e747f730dd03c440157a66f20fdb5e95f64318c0 indicates

stix 100/100

· Valid until 27/02/2027 · Source: AlienVault
xfal48cf0ies7ew.xyz indicates

stix 100/100

· Valid until 29/07/2026 · Source: AlienVault
https://dd9l7e6ghme8pbk.xyz/group.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault
7uspin.us indicates

stix 100/100

· Valid until 29/07/2026 · Source: AlienVault
https://t7c.icu/group.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault
seven7.vip indicates

stix 100/100

· Valid until 29/07/2026 · Source: AlienVault
https://ai-scorepredict.com/static/analytics.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault
dbgopaxl.com indicates

stix 100/100

· Valid until 29/07/2026 · Source: AlienVault
0dff17e3aa12c4928273c70a2e0a6fff25d3e43c0d1b71056abad34a22b03495 indicates

stix 100/100

· Valid until 27/02/2027 · Source: AlienVault
https://lddx3z2d72aa8i6.xyz/group.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault
https://iphonex.mjdqw.cn/tuiliu/group.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault
http://cryptocurrencyworld.top/details/group.html indicates

stix 100/100 Revoked

· Valid until 01/04/2026 · Source: AlienVault

← Previous

Page / 12

1–12 of 135

Vulnerabilities (CVE) (12)

CVE-2023-41974 KEV targets

7.8 High

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.

Attack vector: LOCAL
Published: 10/01/2024
Modified: 15/03/2026

CVE-2024-23225 KEV targets

7.8 High

Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read …

Attack vector: Local
Complexity: LOW
Published: 05/03/2024
Modified: 04/04/2026

CWE-787

CVE-2020-27932 KEV targets

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel …

Published: 03/11/2021
Modified: 03/03/2026

CVE-2024-23222 KEV targets

8.8 High

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted …

Attack vector: Network
Complexity: LOW
Published: 23/01/2024
Modified: 04/04/2026

CWE-843

CVE-2021-30952 KEV targets

7.8 High

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web …

Attack vector: LOCAL
Published: 24/08/2021
Modified: 10/03/2026

CVE-2022-48503 KEV targets

8.8 High

Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary …

Attack vector: Network
Published: 20/10/2025
Modified: 03/03/2026

CVE-2023-38606 KEV targets

5.5 Medium

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.

Attack vector: Local
Published: 26/07/2023
Modified: 21/12/2025

CVE-2020-27950 KEV targets

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

Published: 03/11/2021
Modified: 03/03/2026

CVE-2023-32434 KEV targets

7.8 High

Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.

Attack vector: Local
Published: 23/06/2023
Modified: 03/03/2026

CVE-2023-43000 KEV targets

8.8 High

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, …

Attack vector: NETWORK
Published: 05/11/2025
Modified: 15/03/2026

Analyzed

CVE-2023-32409 KEV targets

8.6 High

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out …

Attack vector: Network
Published: 22/05/2023
Modified: 03/03/2026

CVE-2024-23296 KEV targets

7.8 High

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and …

Attack vector: Local
Complexity: LOW
Published: 05/03/2024
Modified: 04/04/2026

CWE-787

Contact About Legal notice Privacy policy Terms of use

UNC6691

Essential information

Description

Marking (TLP)

Related entities

Reports (1)

Attack patterns (MITRE) (18)

Malware (2)

Sectors (1)

Countries (1)

Indicators (135)

Vulnerabilities (CVE) (12)