Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks #8

Open
jdsnape opened this issue Oct 19, 2021 · 1 comment
Open

[Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks #8

jdsnape opened this issue Oct 19, 2021 · 1 comment
Assignees
@timb-machine
Labels
deprecated:template ignore:tag:T1005 ignore:tag:T1021.002 ignore:tag:T1037 ignore:tag:T1048 ignore:tag:T1057 ignore:tag:T1070.004 ignore:tag:T1071.001 ignore:tag:T1491 ignore:tag:T1546.004 ignore:tag:T1562.004 ignore:tag:T1567 ignore:tag:T1573 ignore:tag:T1590 missing:tag:Non-persistentStorage missing:tag:RedirectionToNull

Comments

@jdsnape
Copy link

jdsnape commented Oct 19, 2021
edited by timb-machine

Area

Malware reports

Parent threat

Credential Access, Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact

Finding

https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks

Industry reference

vertical:Telecomms
attack:T1573.001:Symmetric Cryptography
attack:T1590:Gather Victim Network Information
attack:T1562.004:Disable or Modify System Firewall
attack:T1048.001:Exfiltration Over Unencrypted Non-C2 Protocol
attack:T1021.004:SSH
attack:T1037.004:RC Scripts
attack:T1090.001:Internal Proxy
attack:T1090.002:External Proxy
attack:T1110.003:Password Spraying

Malware reference

#134
SLAPSTICK
STEELCORGI
PingPong
TINYSHELL
CordScan
SIGTRANslator
Fast Reverse Proxy
Microsocks Proxy
ProxyChains

Actor reference

LightBasin
UNC1945

Component

Solaris, Linux, Telecomms

Scenario

Internal specialist services

Scenario variation

Enclave deployment
@timb-machine
Copy link
Owner

Yeh, been working on it for the last month or so. There are some updates that I dropped in today. Looking forwards to hearing more. Top class threat group.

@timb-machine timb-machine changed the title "Lightbasin" [Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks Apr 19, 2022
@timb-machine timb-machine self-assigned this Apr 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timb-machine timb-machine

Labels
deprecated:template ignore:tag:T1005 ignore:tag:T1021.002 ignore:tag:T1037 ignore:tag:T1048 ignore:tag:T1057 ignore:tag:T1070.004 ignore:tag:T1071.001 ignore:tag:T1491 ignore:tag:T1546.004 ignore:tag:T1562.004 ignore:tag:T1567 ignore:tag:T1573 ignore:tag:T1590 missing:tag:Non-persistentStorage missing:tag:RedirectionToNull
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdsnape @timb-machine