LightBasin تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

اللغة

en	44
de	4
ar	4
zh	2

البلد

cn	26
us	20
ir	6
gb	2

الفاعلين

LightBasin	7
Cobalt Strike	1
Quasar RAT	1
Emotet	1

الاهتمام

النوع

Not Defined	20
SCADA Software	4
WordPress Plugin	4
Content Management System	4
Photo Gallery Software	2

المجهز

Not Defined	18
SCADA Engine	4
Apache	4
Microsoft	4
Laravel	2

منتج

SCADA Engine BACnet OPC	4
PhpWebGallery	2
Laravel Framework	2
Apache James	2
Yii Framework	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction تجاوز الصلاحيات	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00084	CVE-2018-16197
3	Scadaengine BACnet OPC Client csv تلف الذاكرة	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.63388	CVE-2010-4740
4	Microsoft IIS FTP Command الكشف عن المعلومات	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00361	CVE-2012-2532
5	ImageMagick pcx.c ReadPCXImage الحرمان من الخدمة	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00252	CVE-2017-12432
6	e-Quick Cart shopprojectlogin.asp حقن إس كيو إل	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
7	SAS Intrnet DS2CSF Macro تجاوز الصلاحيات	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00830	CVE-2021-41569
8	TikiWiki tiki-register.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	8.12	0.01009	CVE-2006-6168
9	Apache OFBiz اجتياز الدليل	3.5	3.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.11945	CVE-2022-47501
10	Onedev HTTP Header git-prereceive-callback توثيق ضعيف	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00218	CVE-2022-39205
11	Microsoft IIS HTTP 1.0 Request IP Address الكشف عن المعلومات	3.1	3.0	$5k-$25k	$0-$5k	High	Official Fix	0.03	0.00360	CVE-2000-0649
12	Mikrotik RouterOS SNMP الكشف عن المعلومات	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.08	0.00307	CVE-2022-45315
13	HubSpot Plugin Proxy REST Endpoint تجاوز الصلاحيات	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00104	CVE-2022-1239
14	Huawei ACXXXX/SXXXX SSH Packet تجاوز الصلاحيات	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00246	CVE-2014-8572
15	GIT Client Path تجاوز الصلاحيات	8.5	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.95465	CVE-2014-9390
16	codemirror Regular Expression تجاوز الصلاحيات	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01484	CVE-2020-7760
17	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04	0.00107	CVE-2022-30209
18	Huawei SXXXX XML Parser تجاوز الصلاحيات	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00056	CVE-2017-15346
19	Openfind MailGates Email تجاوز الصلاحيات	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00866	CVE-2020-12782
20	Microsoft Exchange Server الكشف عن المعلومات	6.3	5.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.03	0.42570	CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	45.32.116.0		LightBasin	20/10/2021	verified	عالي
2	45.33.77.0		LightBasin	20/10/2021	verified	عالي
3	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	متوسط
4	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	عالي
5	XXX.XXX.XX.X	xxx.xxx.xx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	متوسط
6	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	عالي
7	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	عالي
8	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	عالي
9	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	عالي

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1059	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/DbXmlInfo.xml	predictive	عالي
2	File	/deviceIP	predictive	متوسط
3	File	/git-prereceive-callback	predictive	عالي
4	File	/xxx/xxxxxxxxxx.xxx	predictive	عالي
5	File	xxxxxxxxxxxxx.xxx	predictive	عالي
6	File	xxxx/xxxxxxxxxxxx.xxx	predictive	عالي
7	File	xxxx.x	predictive	واطئ
8	File	xxxxxx/xxx.x	predictive	متوسط
9	File	xxx	predictive	واطئ
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	عالي
11	File	xxx/xxx.xx	predictive	متوسط
12	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	عالي
13	File	x_xxxxxxxx_xxxxx	predictive	عالي
14	File	xxx.xxx	predictive	واطئ
15	File	xxxxxxx.xxx	predictive	متوسط
16	File	xxxxxxxxxxxxxxxx.xxx	predictive	عالي
17	File	xxxx-xxxxxxxx.xxx	predictive	عالي
18	Library	xx.xxx	predictive	واطئ
19	Library	xxxxxxxx.xxx	predictive	متوسط
20	Argument	xxxxx_xx	predictive	متوسط
21	Argument	x_xxxxxxxx	predictive	متوسط
22	Argument	xxxxxxxxx	predictive	متوسط
23	Argument	x-xxxxxxxxx-xxx	predictive	عالي
24	Argument	x-xxxx-xxxxx	predictive	متوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!