Anatsa 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

タイムライン

言語

en12
de4
ru2

国・地域

us6
ru4
tr4
de2
gb2

アクター

Anatsa2
RecordBreaker1
Elephant1
Raccoon1
FIN71

アクティビティ

関心

タイムライン

タイプ

Not Defined6
Web Server2
Unified Communication Software2
Network Encryption Software2
Firewall Software2

ベンダー

Microsoft4
Apache2
OpenVPN2
Squid2
Swagger2

製品

Apache HTTP Server2
Microsoft Skype for Business2
OpenVPN Access Server2
Squid Proxy2
Swagger UI2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Google Chrome V8 メモリ破損7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000800.04CVE-2024-0517
2Microsoft Windows Kerberos Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.003090.02CVE-2023-28244
3OpenVPN Access Server Authentication Token 特権昇格4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.002020.00CVE-2020-36382
4Vesta Control Panel/myVesta UploadHandler.php 特権昇格7.17.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020280.00CVE-2021-28379
5JAI-EXT Janino 特権昇格8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.821700.03CVE-2022-24816
6Swagger UI URL 情報の漏洩4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002650.04CVE-2018-25031
7John G. Myers mpack munpack メモリ破損7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.012030.00CVE-2002-1424
8Squid Proxy HTTP Header 特権昇格5.44.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.002480.00CVE-2015-0881
9WordPress SQLインジェクション6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.03CVE-2022-21664
10Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation7.77.3$5k-$25k$0-$5kHighOfficial Fix0.115060.03CVE-2022-41082
11Microsoft Exchange Server ProxyNotShell 特権昇格7.57.5$25k-$100k$0-$5kHighWorkaround0.966440.04CVE-2022-41040
12Laravel PendingBroadcast.php dispatch 特権昇格6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000490.02CVE-2022-30778
13TP-LINK Archer C5 Configuration File 特権昇格5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.004140.00CVE-2018-19537
14TP-LINK TL-WR840N/TL-WR841N Session 弱い認証8.57.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.300570.10CVE-2018-11714
15Malwarebytes Anti-Malware Driver FARFLT.SYS 特権昇格7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2018-5279
16Apache HTTP Server mod_mime メモリ破損8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.006430.03CVE-2017-7679
17Microsoft Skype for Business Remote Code Execution7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.093110.00CVE-2017-0281

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
191.242.229.85vm289569.pq.hostingAnatsa2022年02月23日verified
2XXX.XX.XX.XXXxxxxxx.xx.xxxxxxxxx.xxxXxxxxx2022年02月23日verified
3XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx2022年02月23日verified
4XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx2022年02月23日verified

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1059CAPEC-242CWE-94Argument Injectionpredictive
2TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
3TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
4TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1FileIlluminate\Broadcasting\PendingBroadcast.phppredictive
2Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictive
3Libraryxxxxxx.xxxpredictive
4Argumentxxx_xxx_xxxxxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!