You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yeh, been working on it for the last month or so. There are some updates that I dropped in today. Looking forwards to hearing more. Top class threat group.
timb-machine
changed the title
"Lightbasin"
[Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks
Apr 19, 2022
Area
Malware reports
Parent threat
Credential Access, Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact
Finding
https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks
Industry reference
vertical:Telecomms
attack:T1573.001:Symmetric Cryptography
attack:T1590:Gather Victim Network Information
attack:T1562.004:Disable or Modify System Firewall
attack:T1048.001:Exfiltration Over Unencrypted Non-C2 Protocol
attack:T1021.004:SSH
attack:T1037.004:RC Scripts
attack:T1090.001:Internal Proxy
attack:T1090.002:External Proxy
attack:T1110.003:Password Spraying
uses:RedirectionToNull
uses:Non-persistentStorage
Malware reference
#134
SLAPSTICK
STEELCORGI
PingPong
TINYSHELL
CordScan
SIGTRANslator
Fast Reverse Proxy
Microsocks Proxy
ProxyChains
Actor reference
LIMINAL PANDA
LightBasin
UNC1945
Component
Solaris, Linux, Telecomms
Scenario
Internal specialist services
Scenario variation
Enclave deployment
The text was updated successfully, but these errors were encountered: