Anatsa Analysis

IOB - Indicator of Behavior (9)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	4
ru	4
de	2

Country

de	4
us	2
ru	2
gb	2

Actors

Anatsa	3
UAC-0056	1
Raccoon Stealer	1
FIN7	1

Activities

Interest

Timeline

Type

Router Operating System	2
Not Defined	2
Content Management System	2
Unified Communication Software	2
Anti-Malware Software	2

Vendor

Not Defined	4
TP-LINK	2
Microsoft	2
Malwarebytes	2

Product

TP-LINK TL-WR840N	2
TP-LINK TL-WR841N	2
Laravel	2
WordPress	2
Microsoft Skype for Business	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.17	0.01034	CVE-2022-21664
2	Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation	7.7	7.3	$5k-$25k	$0-$5k	High	Official Fix	0.06	0.31667	CVE-2022-41082
3	Microsoft Exchange Server ProxyNotShell server-side request forgery	7.5	7.5	$25k-$100k	$0-$5k	High	Workaround	0.03	0.02355	CVE-2022-41040
4	Laravel PendingBroadcast.php dispatch deserialization	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00000	CVE-2022-30778
5	TP-LINK Archer C5 Configuration File unrestricted upload	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.15362	CVE-2018-19537
6	TP-LINK TL-WR840N/TL-WR841N Session session fixiation	8.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.06	0.08382	CVE-2018-11714
7	Malwarebytes Anti-Malware Driver FARFLT.SYS input validation	7.2	7.2	$0-$5k	Calculating	Not Defined	Not Defined	0.00	0.00885	CVE-2018-5279
8	Apache HTTP Server mod_mime memory corruption	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.05242	CVE-2017-7679
9	Microsoft Skype for Business data processing	7.0	6.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.16751	CVE-2017-0281

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Type	Confidence
1	91.242.229.85	vm289569.pq.hosting	Anatsa	verified	High
2	XXX.XX.XX.XXX	xxxxxx.xx.xxxxxxxxx.xxx	Xxxxxx	verified	High
3	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxx	verified	High
4	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxx	verified	High

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1505	CWE-89	SQL Injection	predictive	High
2	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	Illuminate\Broadcasting\PendingBroadcast.php	predictive	High
2	Library	xxxxxx.xxx	predictive	Medium
3	Argument	xxx_xxx_xxxxxxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!