LightBasin Analysis

IOB - Indicator of Behavior (70)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 62
zh: 6
ar: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Lutron Quantum BACnet Integration: 4
Siemens APOGEE PXC: 2
Siemens TALON TC BACnet: 2
Opencast: 2
Mikrotik RouterOS: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 1.70 | CVE-2006-6168 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 3 | Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction access control | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00095 | 0.00 | CVE-2018-16197 |
| 4 | Scadaengine BACnet OPC Client csv memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.59803 | 0.05 | CVE-2010-4740 |
| 5 | HP Operations Manager File Upload org.apache.catalina.manager.HTMLManagerServlet access control | 10.0 | 10.0 | $5k-$25k | $0-$5k | High | Not defined | expected | 0.86831 | 0.08 | CVE-2009-3843 |
| 6 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.26 | |
| 7 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 2.22 | |
| 8 | Vesystem Cloud Desktop fileupload.php unrestricted upload | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00146 | 0.08 | CVE-2024-3803 |
| 9 | Itech Dating Script see_more_details.php sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.00051 | 0.00 | CVE-2017-20135 |
| 10 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00049 | 0.07 | CVE-2024-10425 |
| 11 | ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00059 | 0.00 | CVE-2024-10069 |
| 12 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 1.55 | CVE-2020-15906 |
| 13 | SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input | 4.3 | 4.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00092 | 0.00 | CVE-2024-8558 |
| 14 | Microsoft Windows Management Console use after free | 8.8 | 8.1 | $100k and more | $25k-$100k | Unproven | Official fix | | 0.03132 | 0.03 | CVE-2024-38259 |
| 15 | Phpkobo Short URL common.inc.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01926 | 0.09 | CVE-2010-1060 |
| 16 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00675 | 0.08 | CVE-2007-2046 |
| 17 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.52 | CVE-2007-0529 |
| 18 | Microchip Technology Advanced Software Framework DHCP Server tinydhcpserver.C lwip_dhcp_find_option buffer overflow | 9.8 | 9.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01108 | 0.00 | CVE-2024-7490 |
| 19 | Microsoft IIS FTP Command information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.19645 | 0.00 | CVE-2012-2532 |
| 20 | ImageMagick pcx.c ReadPCXImage resource management | 5.4 | 5.1 | $0-$5k | Calculating | Not defined | Official fix | | 0.00216 | 0.00 | CVE-2017-12432 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

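| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.32.116.0 | | LightBasin | | 10/20/2021 | verified | Very Low |
| 2 | 45.33.77.0 | | LightBasin | | 10/20/2021 | verified | Very Low |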

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /com/esafenet/servlet/client/MailDecryptApplicationService.java | predictive | High |
| 2 | File | /DbXmlInfo.xml | predictive | High |
| 3 | File | /deviceIP | predictive | Medium |
| 4 | File | /foms/routers/place-order.php | predictive | High |
| 5 | File | /forum/away.php | predictive | High |
| 6 | File | /git-prereceive-callback | predictive | High |
