Anatsa تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

التسلسل الزمني

اللغة

en8
de6
zh2
ru2

البلد

us8
tr4
de4
gb2

الفاعلين

Anatsa2
RecordBreaker1
Elephant1
Raccoon1
FIN71

النشاطات

الاهتمام

التسلسل الزمني

النوع

Not Defined10
Unified Communication Software2
Anti-Malware Software2
Web Server2
Network Encryption Software2

المجهز

Not Defined4
Microsoft2
Malwarebytes2
Apache2
John G. Myers2

منتج

JAI-EXT2
Microsoft Skype for Business2
Malwarebytes Anti-Malware2
Apache HTTP Server2
John G. Myers mpack2

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1Google Chrome V8 تلف الذاكرة7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.040.00080CVE-2024-0517
2Microsoft Windows Kerberos Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.00214CVE-2023-28244
3OpenVPN Access Server Authentication Token تجاوز الصلاحيات4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00202CVE-2020-36382
4Vesta Control Panel/myVesta UploadHandler.php تجاوز الصلاحيات7.17.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01835CVE-2021-28379
5JAI-EXT Janino تجاوز الصلاحيات8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.040.82170CVE-2022-24816
6Swagger UI URL الكشف عن المعلومات4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00265CVE-2018-25031
7John G. Myers mpack munpack تلف الذاكرة7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000.01203CVE-2002-1424
8Squid Proxy HTTP Header تجاوز الصلاحيات5.44.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.050.00248CVE-2015-0881
9WordPress حقن إس كيو إل6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.00467CVE-2022-21664
10Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation7.77.3$5k-$25k$0-$5kHighOfficial Fix0.030.11506CVE-2022-41082
11Microsoft Exchange Server ProxyNotShell تجاوز الصلاحيات7.57.5$25k-$100k$0-$5kHighWorkaround0.000.96591CVE-2022-41040
12Laravel PendingBroadcast.php dispatch تجاوز الصلاحيات6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00049CVE-2022-30778
13TP-LINK Archer C5 Configuration File تجاوز الصلاحيات5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00414CVE-2018-19537
14TP-LINK TL-WR840N/TL-WR841N Session توثيق ضعيف8.57.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.030.30057CVE-2018-11714
15Malwarebytes Anti-Malware Driver FARFLT.SYS تجاوز الصلاحيات7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00042CVE-2018-5279
16Apache HTTP Server mod_mime تلف الذاكرة8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00643CVE-2017-7679
17Microsoft Skype for Business Remote Code Execution7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.09311CVE-2017-0281

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDعنوان بروتوكول الإنترنتHostnameممثلحملاتIdentifiedالنوعالثقة
191.242.229.85vm289569.pq.hostingAnatsa23/02/2022verifiedعالي
2XXX.XX.XX.XXXxxxxxx.xx.xxxxxxxxx.xxxXxxxxx23/02/2022verifiedعالي
3XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx23/02/2022verifiedعالي
4XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx23/02/2022verifiedعالي

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1059CWE-94Argument Injectionpredictiveعالي
2TXXXXCWE-XXXxx Xxxxxxxxxpredictiveعالي
3TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictiveعالي
4TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictiveعالي

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1FileIlluminate\Broadcasting\PendingBroadcast.phppredictiveعالي
2Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictiveعالي
3Libraryxxxxxx.xxxpredictiveمتوسط
4Argumentxxx_xxx_xxxxxxxxpredictiveعالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي نظرة عامة السابق

Might our Artificial Intelligence support you?

Check our Alexa App!