Anatsa Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

ru8
en6
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

gb4
ru4
tr4
us2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Anatsa2
RecordBreaker1
Elephant1
Raccoon1
FIN71

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Web Server2
Web Browser2
Groupware Software2
Unified Communication Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined6
Microsoft4
Apache2
TP-LINK2
John G. Myers2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache HTTP Server2
TP-LINK Archer C52
John G. Myers mpack2
Google Chrome2
JAI-EXT2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Google Chrome V8 out-of-bounds write7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000800.04CVE-2024-0517
2Microsoft Windows Kerberos Remote Code Execution8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.003090.02CVE-2023-28244
3OpenVPN Access Server Authentication Token unusual condition4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.002020.00CVE-2020-36382
4Vesta Control Panel/myVesta UploadHandler.php unrestricted upload7.17.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020280.00CVE-2021-28379
5JAI-EXT Janino code injection8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.821700.00CVE-2022-24816
6Swagger UI URL information disclosure4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002650.04CVE-2018-25031
7John G. Myers mpack munpack memory corruption7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.012030.00CVE-2002-1424
8Squid Proxy HTTP Header crlf injection5.44.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.002480.00CVE-2015-0881
9WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.03CVE-2022-21664
10Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation7.77.3$5k-$25k$0-$5kHighOfficial Fix0.106980.00CVE-2022-41082
11Microsoft Exchange Server ProxyNotShell server-side request forgery7.57.5$5k-$25k$0-$5kHighWorkaround0.966160.03CVE-2022-41040
12Laravel PendingBroadcast.php dispatch deserialization6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000490.02CVE-2022-30778
13TP-LINK Archer C5 Configuration File unrestricted upload5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.004140.00CVE-2018-19537
14TP-LINK TL-WR840N/TL-WR841N Session session fixiation8.57.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.339800.08CVE-2018-11714
15Malwarebytes Anti-Malware Driver FARFLT.SYS input validation7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.000420.03CVE-2018-5279
16Apache HTTP Server mod_mime memory corruption8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.006430.09CVE-2017-7679
17Microsoft Skype for Business data processing7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.093110.00CVE-2017-0281

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
191.242.229.85vm289569.pq.hostingAnatsa02/23/2022verifiedHigh
2XXX.XX.XX.XXXxxxxxx.xx.xxxxxxxxx.xxxXxxxxx02/23/2022verifiedHigh
3XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx02/23/2022verifiedHigh
4XXX.XXX.XX.XXxxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx02/23/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1FileIlluminate\Broadcasting\PendingBroadcast.phppredictiveHigh
2Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
3Libraryxxxxxx.xxxpredictiveMedium
4Argumentxxx_xxx_xxxxxxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!