Threat Command
This is a collection of rules for alerts generated by Rapid7 Threat Command.
Required license
To detect on alerts generated by Threat Command, you will need a Threat Command license.
Threat Command - A blacklist containing a company asset
Threat Command - A company asset communicating with a C&C server
Threat Command - A company asset listed on a target list
Threat Command - A company certificate with SSL issues detected
Description
This detection identifies a company certificate with SSL issues detected.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - A company development environment publicly exposed
Description
This detection identifies a company development environment publicly exposed.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A company domain is using OpenSSL library with a detected vulnerability
Threat Command - A company domain is vulnerable to Heartbleed
Threat Command - A company domain is vulnerable to ROBOT
Description
This detection identifies a company domain is vulnerable to ROBOT.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Automated Exfiltration - T1020
- Traffic Duplication - T1020.001
- Web Service - T1102
- Phishing - T1566
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Gather Victim Host Information - T1592
- Client Configurations - T1592.004
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A company domain name is embedded in malware code
Threat Command - A company domain SSL certificate has expired
Description
This detection identifies a company domain SSL certificate has expired.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - A company domain supports non-compliant cipher-suites
Description
This detection identifies a company domain supports non-compliant cipher-suites.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - A company domain vulnerable to SQL injection
Description
This detection identifies a company domain vulnerable to SQL injection.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Drive-by Compromise - T1189
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A company domain with directory listing publicly exposed
Description
This detection identifies a company domain with directory listing publicly exposed.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A company email address reported as spamming
Description
This detection identifies a company email address reported as spamming.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Defacement - T1491
- External Defacement - T1491.002
- Unsecured Credentials - T1552
- Credentials from Password Stores - T1555
- Credentials from Web Browsers - T1555.003
Threat Command - A company executive is mentioned on a target list
Threat Command - A company executive PII offered for sale
Threat Command - A company internal login page is accessible outside of the organization
Description
This detection identifies a company internal login page is accessible outside of the organization.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A company login page with SSL certificate issues
Description
This detection identifies a company login page with SSL certificate issues.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - A company product is offered for sale on the black market
Threat Command - A company website reported as cardable
Threat Command - A company website reported as defaced
Threat Command - A company website vulnerable to XSS attacks
Description
This detection identifies a company website vulnerable to XSS attacks.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Drive-by Compromise - T1189
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - A copy of an app
Threat Command - A hacking tool targeting the company
Threat Command - An attempt to recruit a company insider
Threat Command - A negative use of the company’s name was found
Threat Command - An insider offering company information for sale
Threat Command - An intent to hack the company website
Description
This detection identifies an intent to hack the company website.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Gather Victim Identity Information - T1589
- Gather Victim Network Information - T1590
- Gather Victim Org Information - T1591
- Gather Victim Host Information - T1592
- Search Open Websites/Domains - T1593
- Search Victim-Owned Websites - T1594
- Active Scanning - T1595
- Search Open Technical Databases - T1596
- Search Closed Sources - T1597
- Phishing for Information - T1598
Threat Command - An SSL problem in a company’s domain detected
Description
This detection identifies an SSL problem in a company’s’ domain detected.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Automated Exfiltration - T1020
- Traffic Duplication - T1020.001
- Web Service - T1102
- Phishing - T1566
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Gather Victim Host Information - T1592
- Client Configurations - T1592.004
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - App in a malicious store
Threat Command - App in a store with a downloader
Threat Command - A problem in the company DNS server
Description
This detection identifies a problem in the company DNS server.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Application Layer Protocol - T1071
- DNS - T1071.004
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- DNS - T1590.002
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Asset Mentions Exposed On Github
Threat Command - Attempted job scam using company-associated identity
Threat Command - A tweet mentioned a company asset
Threat Command - A vulnerability in company’s in-use technology was detected
Description
This detection identifies a vulnerability in company’s in-use technology.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Network Service Discovery - T1046
- Exploit Public-Facing Application - T1190
- Obtain Capabilities - T1588
- Vulnerabilities - T1588.006
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Company accounts suspected as Mule Accounts
Description
This detection identifies company accounts suspected as Mule Accounts.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Valid Accounts - T1078
- Unsecured Credentials - T1552
- Exfiltration Over Web Service - T1567
- Compromise Accounts - T1586
- Obtain Capabilities - T1588
Threat Command - Company accounts with credit balance offered for sale
Threat Command - Company assets targeted in a campaign
Description
This detection identifies company assets targeted in a campaign.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Gather Victim Identity Information - T1589
- Gather Victim Network Information - T1590
- Gather Victim Org Information - T1591
- Gather Victim Host Information - T1592
- Active Scanning - T1595
Threat Command - Company confidential documents leaked
Threat Command - Company database leaked
Description
This detection identifies a company database leak.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Automated Exfiltration - T1020
- Automated Collection - T1119
- Transfer Data to Cloud Account - T1537
- Unsecured Credentials - T1552
- Credentials from Password Stores - T1555
- Credentials from Web Browsers - T1555.003
- Exfiltration Over Web Service - T1567
- Search Closed Sources - T1597
- Purchase Technical Data - T1597.002
Threat Command - Company DNS servers have AXFR transfer enabled
Threat Command - Company email contents leaked
Threat Command - Company employee credentials leaked from a 3rd party service
Description
This detection identifies company employee credentials leaked from a 3rd party service.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Network Sniffing - T1040
- Input Capture - T1056
- Valid Accounts - T1078
- Email Collection - T1114
- Credentials from Password Stores - T1555
- Gather Victim Identity Information - T1589
- Employee Names - T1589.003
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
- Phishing for Information - T1598
- Spearphishing Service - T1598.001
Threat Command - Company employee private details leaked
Threat Command - Company employees are on a target list
Threat Command - Company executive login credentials leaked
Description
This detection identifies company executive login credentials leaked.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Network Sniffing - T1040
- Input Capture - T1056
- Valid Accounts - T1078
- Credentials from Password Stores - T1555
- Phishing for Information - T1598
- Spearphishing Service - T1598.001
Threat Command - Company executive SSN leaked
Threat Command - Company executive suspicious social media profile
Description
This detection identifies company executive suspicious social media profile.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - Company gift cards offered for sale
Threat Command - Company internal servers credentials leaked
Description
This detection identifies company internal servers credentials leaked.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Network Sniffing - T1040
- Input Capture - T1056
- Valid Accounts - T1078
- Credentials from Password Stores - T1555
- Phishing for Information - T1598
- Spearphishing Service - T1598.001
Threat Command - Company internal service publicly exposed
Description
This detection identifies a company internal service that was publicly exposed.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Company IP address was abused
Threat Command - Company phishing website
Threat Command - Company product offered for sale illegitimately
Threat Command - Company-related credentials offered for sale
Description
This detection identifies company-related credentials offered for sale.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Network Sniffing - T1040
- Input Capture - T1056
- Valid Accounts - T1078
- Internal Spearphishing - T1534
- Credentials from Password Stores - T1555
- Phishing - T1566
- Gather Victim Identity Information - T1589
- Credentials - T1589.001
- Search Closed Sources - T1597
- Purchase Technical Data - T1597.002
Threat Command - Company related files or folders were found in a ransomware leak
Threat Command - Company sensitive data leaked
Description
This detection identifies company sensitive data that was leaked.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- OS Credential Dumping - T1003
- Email Collection - T1114
- Credentials from Password Stores - T1555
- Search Closed Sources - T1597
- Purchase Technical Data - T1597.002
Threat Command - Company software code leaked
Threat Command - Company’s secret is exposed publicly on GitHub
Description
This detection identifies company’s secret is exposed publicly on GitHub.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Data from Information Repositories - T1213
- Data from Cloud Storage Object - T1530
- Exfiltration Over Web Service - T1567
- Exfiltration to Code Repository - T1567.001
- Cloud Infrastructure Discovery - T1580
- Gather Victim Identity Information - T1589
- Credentials - T1589.001
Threat Command - Company was mentioned on suspicious Telegram channel
Threat Command - Confidential documents
Threat Command - Credit card dump offered for sale
Threat Command - Credit cards for sale
Threat Command - Custom query matched
Threat Command - Details of a company active credit card were leaked
Description
This detection identifies details of a company active credit card were leaked.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Automated Collection - T1119
- Compromise Accounts - T1586
- Obtain Capabilities - T1588
- Gather Victim Identity Information - T1589
- Credentials - T1589.001
Threat Command - Exposed services
Description
This detection identifies exposed services.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Facebook unauthorized account
Description
This detection identifies facebook unauthorized account.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - Flood control summary alert
Threat Command - Indication of company website infection
Description
This detection identifies indication of company website infection.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Drive-by Compromise - T1189
- Exploit Public-Facing Application - T1190
- Credentials from Password Stores - T1555
- Credentials from Web Browsers - T1555.003
Threat Command - Indication of scam intent involving the company sector/region
Description
This detection identifies indication of scam intent involving the company sector/region.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing Attachment - T1566.001
- Spearphishing Link - T1566.002
- Spearphishing via Service - T1566.003
- Compromise Infrastructure - T1584
- Web Services - T1584.006
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Email Accounts - T1585.002
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Email Accounts - T1586.002
- Gather Victim Org Information - T1591
- Determine Physical Locations - T1591.001
- Business Relationships - T1591.002
- Identify Business Tempo - T1591.003
- Identify Roles - T1591.004
Threat Command - Indication of scam or attack
Description
This detection identifies indication of scam or attack.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing Attachment - T1566.001
- Spearphishing Link - T1566.002
- Spearphishing via Service - T1566.003
- Compromise Infrastructure - T1584
- Web Services - T1584.006
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Email Accounts - T1585.002
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Email Accounts - T1586.002
- Gather Victim Org Information - T1591
- Determine Physical Locations - T1591.001
- Business Relationships - T1591.002
- Identify Business Tempo - T1591.003
- Identify Roles - T1591.004
Threat Command - Intellectual property related to company sector/region offered for sale or download
Threat Command - IntelliFind queries
Threat Command - LinkedIn profile impersonating key company employee
Description
This detection identifies linkedIn profile impersonating key company employee.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - Malicious application resembling company assets
Threat Command - Old and unmaintained website is exposed publicly
Description
This detection identifies old and unmaintained website is exposed publicly.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Old internal login page is exposed publicly
Description
This detection identifies old internal login page is exposed publicly.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Valid Accounts - T1078
- Cloud Accounts - T1078.004
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Network Topology - T1590.004
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Open ports
Description
This detection identifies open ports.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Network Sniffing - T1040
- Network Service Discovery - T1046
- Traffic Signaling - T1205
- Cloud Service Dashboard - T1538
- Dynamic Resolution - T1568
- DNS Calculation - T1568.003
- Non-Standard Port - T1571
- Gather Victim Network Information - T1590
- IP Addresses - T1590.005
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Open ports on company databases
Description
This detection identifies open ports on company databases.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Network Sniffing - T1040
- Network Service Discovery - T1046
- Traffic Signaling - T1205
- Cloud Service Dashboard - T1538
- Dynamic Resolution - T1568
- DNS Calculation - T1568.003
- Non-Standard Port - T1571
- Gather Victim Network Information - T1590
- IP Addresses - T1590.005
- Gather Victim Host Information - T1592
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005
Threat Command - Phishing kit for sale
Threat Command - Phishing watch
Threat Command - Phishing websites
Threat Command - Potential phishing email
Description
This detection identifies potential phishing email.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Phishing - T1566
- Spearphishing Attachment - T1566.001
- Spearphishing Link - T1566.002
- Compromise Accounts - T1586
- Email Accounts - T1586.002
- Phishing for Information - T1598
- Spearphishing Service - T1598.001
Threat Command - Potential phishing website
Threat Command - Problem in company domain mail server DMARC/SPF
Threat Command - Proxy/Socks servers connected to the company are offered for sale
Threat Command - Public scan report containing company assets
Threat Command - RDP servers connected to the company are offered for sale
Description
This detection identifies rDP servers connected to the company are offered for sale.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Remote Services - T1021
- Application Layer Protocol - T1071
- External Remote Services - T1133
- Search Closed Sources - T1597
- Purchase Technical Data - T1597.002
Threat Command - Suspected phishing domain
Threat Command - Suspected phishing domain content update
Threat Command - Suspected phishing domain MX update
Threat Command - Suspected phishing domain registrant update
Threat Command - Suspected phishing domain registrar update
Threat Command - Suspicious company executive social media profile
Description
This detection identifies a suspicious company executive social media profile.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - The details of a company active credit card offered for sale
Threat Command - The details of a company expired credit card were leaked
Description
This detection identifies the details of a company expired credit card were leaked.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Automated Collection - T1119
- Compromise Accounts - T1586
- Obtain Capabilities - T1588
- Gather Victim Identity Information - T1589
- Credentials - T1589.001
Threat Command - Tools for hacking company user accounts offered for sale
Threat Command - Twitter unauthorized account
Description
This detection identifies an unauthorized Twitter account.
Recommendation
Review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Establish Accounts - T1585
- Social Media Accounts - T1585.001
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - Unauthorized brand use
Threat Command - Unauthorized use of company trademark in a mobile applicaiton
Threat Command - Unauthorized use of company trademark on a social media profile
Description
This detection identifies unauthorized use of company trademark on a social media profile.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Phishing - T1566
- Spearphishing via Service - T1566.003
- Compromise Accounts - T1586
- Social Media Accounts - T1586.001
- Gather Victim Org Information - T1591
- Identify Roles - T1591.004
Threat Command - Unencrypted company login page
Threat Command - Unencrypted internal company login page
Description
This detection identifies unencrypted internal company login page.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - Unencrypted login page
Description
This detection identifies unencrypted login page.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- Web Service - T1102
- Phishing - T1566
- Develop Capabilities - T1587
- Digital Certificates - T1587.003
- Gather Victim Network Information - T1590
- Domain Properties - T1590.001
- Active Scanning - T1595
- Vulnerability Scanning - T1595.002
Threat Command - Vulnerabilities scenario
Threat Command - Vulnerabilities update scenario
Threat Command - Vulnerability in the company application detected
Threat Command - Vulnerability or malware related to company sector/region detected
Description
This detection identifies vulnerability or malware related to company sector/region detected.
Recommendation
Please review the alert in question.
MITRE ATT&CK Techniques
- External Remote Services - T1133
- Exploit Public-Facing Application - T1190
- Supply Chain Compromise - T1195
- Search Open Technical Databases - T1596
- Scan Databases - T1596.005