Anatsa Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (37)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en28
ru4
de2
zh2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

RU: Russia8
US: USA8
TR: Turkey6
DE: Germany4
NL: Netherland2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Anatsa5
ISFB2
Cobalt Strike2
Stealc2
Hook2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Smartphone Operating System4
Groupware Software4
Unified Communication Software2
Office Suite Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft8
Not Defined6
Google4
Apache2
GitHub2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android4
Microsoft Exchange Server4
Microsoft Skype for Business2
Apache OpenOffice2
GitHub Enterprise Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Telegram Web cross site scripting4.84.7$0-$5k$0-$5kNot definedNot defined 0.000900.07CVE-2022-43363
2Yealink SIP-T38G os command injection8.88.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.107060.06CVE-2013-5758
3HPE iLO 5 Local Privilege Escalation7.87.6$5k-$25k$0-$5kNot definedOfficial fix 0.000650.00CVE-2022-28629
4HPE Integrated Lights-Out 5/Integrated Lights-Out 6 improper authentication8.28.1$5k-$25k$0-$5kNot definedOfficial fix 0.000230.00CVE-2023-50272
5Obsession-Design Image-Gallery display.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.003220.00CVE-2010-0979
6Elementor Website Builder Plugin cross site scripting3.53.4$0-$5k$0-$5kNot definedNot defined 0.000320.07CVE-2024-8236
7Tianwell Fire Intelligent Command Platform API Interface page sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.000090.07CVE-2024-3720
8WP Statistics Plugin class-wp-statistics-hits.php sql injection8.58.4$0-$5k$0-$5kNot definedNot definedpossible0.389890.08CVE-2022-25149
9Adobe Commerce/Magento XML Document xml external entity reference9.89.6$5k-$25k$0-$5kAttackedOfficial fixverified0.943580.05CVE-2024-34102
10Check Point Quantum Gateway/Spark Gateway/CloudGuard Network Remote Access VPN information disclosure7.57.5$0-$5k$0-$5kAttackedNot definedverified0.943270.05CVE-2024-24919
11Google Android privilege escalation8.48.3$25k-$100k$5k-$25kNot definedOfficial fix 0.000540.00CVE-2021-0877
12Google Android use after free5.45.3$5k-$25k$0-$5kNot definedOfficial fix 0.000110.00CVE-2023-21042
13Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial fix 0.004740.00CVE-2023-35313
14Google Chrome V8 out-of-bounds write7.57.4$25k-$100k$5k-$25kNot definedOfficial fixpossible0.580120.00CVE-2024-0517
15GitHub Enterprise Server API information disclosure3.93.8$0-$5k$0-$5kNot definedOfficial fix 0.000510.00CVE-2022-46257
16Pallets Werkzeug Debugger tbtools.py render_full cross site scripting5.25.1$0-$5k$0-$5kNot definedOfficial fix 0.001170.00CVE-2016-10516
17Zyxel ATP/USG FLEX/VPN CGI Program exposure of private personal information to an unauthorized actor5.45.4$0-$5k$0-$5kNot definedNot defined 0.002080.00CVE-2023-22918
18Apache OpenOffice Calc command injection7.36.4$5k-$25k$0-$5kUnprovenOfficial fix 0.095300.08CVE-2014-3524
19Microsoft Windows Kerberos Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial fix 0.032260.00CVE-2023-28244
20OpenVPN Access Server Authentication Token unusual condition4.34.3$0-$5k$0-$5kNot definedNot defined 0.019670.00CVE-2020-36382

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
191.215.85.55Anatsa05/28/2024verifiedHigh
291.242.229.85vm289569.pq.hostingAnatsa02/23/2022verifiedVery Low
3XXX.XX.XX.XXXxxxxxx.xx.xxxxxxxxx.xxxXxxxxx02/23/2022verifiedVery Low
4XXX.XX.XX.XXXxxx.xx.xx.xxx.xx-xxxx.xxxxXxxxxx12/16/2024verifiedVery High
5XXX.XXX.XXX.XXXxxxxx05/28/2024verifiedHigh
6XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx02/23/2022verifiedVery Low
7XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx02/23/2022verifiedVery Low

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXXxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx XxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/mfsNotice/pagepredictiveHigh
2FileCalcpredictiveLow
3Filexxxxx/xxxxxxx.xxpredictiveHigh
4Filexxxxxxx.xxxpredictiveMedium
5Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
7File~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxxpredictiveHigh
8Libraryxxxxxx.xxxpredictiveMedium
9ArgumentxxxxxxpredictiveLow
10ArgumentxxxxxxpredictiveLow
11ArgumentxxpredictiveLow
12Argumentxxx_xxx_xxxxxxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!