
[Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks #8

Open
jdsnape opened this issue Oct 19, 2021 · 1 comment

Comments


jdsnape commented Oct 19, 2021

Area

Malware reports

Parent threat

Credential Access, Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact

Finding

https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks

Industry reference

vertical:Telecomms
attack:T1573.001:Symmetric Cryptography
attack:T1590:Gather Victim Network Information
attack:T1562.004:Disable or Modify System Firewall
attack:T1048.001:Exfiltration Over Unencrypted Non-C2 Protocol
attack:T1021.004:SSH
attack:T1037.004:RC Scripts
attack:T1090.001:Internal Proxy
attack:T1090.002:External Proxy
attack:T1110.003:Password Spraying
uses:RedirectionToNull
uses:Non-persistentStorage

Malware reference

#134
SLAPSTICK
STEELCORGI
PingPong
TINYSHELL
CordScan
SIGTRANslator
Fast Reverse Proxy
Microsocks Proxy
ProxyChains

Actor reference

LIMINAL PANDA
LightBasin
UNC1945

Component

Solaris, Linux, Telecomms

Scenario

Internal specialist services

Scenario variation

Enclave deployment

@timb-machine
Owner

Yeah, been working on it for the last month or so. There are some updates that I dropped in today. Looking forward to hearing more. Top class threat group.
