Anatsa Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Tidslinje

Lang

ru8
de4
en4
zh2

Land

us6
ru4
gb4
cn2
tr2

Skådespelare

RecordBreaker1
Elephant1
Raccoon1
FIN71
Vidar1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined6
Groupware Software4
Router Operating System2
Operating System2
Unified Communication Software2

Säljare

Microsoft8
TP-LINK4
Not Defined2
Swagger2
Malwarebytes2

Produkt

Microsoft Exchange Server4
TP-LINK TL-WR840N2
TP-LINK TL-WR841N2
JAI-EXT2
Microsoft Windows2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Google Chrome V8 minneskorruption7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000800.04CVE-2024-0517
2Microsoft Windows Kerberos Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.003090.02CVE-2023-28244
3OpenVPN Access Server Authentication Token privilegier eskalering4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.002020.00CVE-2020-36382
4Vesta Control Panel/myVesta UploadHandler.php privilegier eskalering7.17.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020280.00CVE-2021-28379
5JAI-EXT Janino privilegier eskalering8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.821700.00CVE-2022-24816
6Swagger UI URL informationsgivning4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002650.04CVE-2018-25031
7John G. Myers mpack munpack minneskorruption7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.012030.00CVE-2002-1424
8Squid Proxy HTTP Header privilegier eskalering5.44.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.002480.00CVE-2015-0881
9WordPress sql injektion6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.03CVE-2022-21664
10Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation7.77.3$5k-$25k$0-$5kHighOfficial Fix0.115060.03CVE-2022-41082
11Microsoft Exchange Server ProxyNotShell privilegier eskalering7.57.5$25k-$100k$0-$5kHighWorkaround0.966440.04CVE-2022-41040
12Laravel PendingBroadcast.php dispatch privilegier eskalering6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000490.02CVE-2022-30778
13TP-LINK Archer C5 Configuration File privilegier eskalering5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.004140.00CVE-2018-19537
14TP-LINK TL-WR840N/TL-WR841N Session svag autentisering8.57.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.300570.07CVE-2018-11714
15Malwarebytes Anti-Malware Driver FARFLT.SYS privilegier eskalering7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2018-5279
16Apache HTTP Server mod_mime minneskorruption8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.006430.00CVE-2017-7679
17Microsoft Skype for Business Remote Code Execution7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.093110.00CVE-2017-0281

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
191.242.229.85vm289569.pq.hostingAnatsa23/02/2022verifiedHög
2XXX.XX.XX.XXXxxxxxx.xx.xxxxxxxxx.xxxXxxxxx23/02/2022verifiedHög
3XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx23/02/2022verifiedHög
4XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx23/02/2022verifiedHög

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHög
2TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHög
3TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
4TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1FileIlluminate\Broadcasting\PendingBroadcast.phppredictiveHög
2Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictiveHög
3Libraryxxxxxx.xxxpredictiveMedium
4Argumentxxx_xxx_xxxxxxxxpredictiveHög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Interested in the pricing of exploits?

See the underground prices here!