LightBasin Analysis

IOB - Indicator of Behavior (54)

Language

en: 42
ar: 4
de: 4
jp: 2
zh: 2

Country

cn: 28
us: 18
gb: 4
ir: 4

Product

Huawei SXXXX: 4
Cachet: 2
e-Quick Cart: 2
Google Go: 2
HubSpot Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00084 | CVE-2018-16197 |
| 3 | Scadaengine BACnet OPC Client csv buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.63388 | CVE-2010-4740 |
| 4 | Microsoft IIS FTP Command Information Disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00361 | CVE-2012-2532 |
| 5 | ImageMagick pcx.c ReadPCXImage Denial of Service | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00252 | CVE-2017-12432 |
| 6 | e-Quick Cart shopprojectlogin.asp SQL Injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | |
| 7 | SAS Intrnet DS2CSF Macro privilege escalation | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00830 | CVE-2021-41569 |
| 8 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 8.01 | 0.01009 | CVE-2006-6168 |
| 9 | Apache OFBiz Directory Traversal | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.11945 | CVE-2022-47501 |
| 10 | Onedev HTTP Header git-prereceive-callback weak authentication | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00218 | CVE-2022-39205 |
| 11 | Microsoft IIS HTTP 1.0 Request IP Address Information Disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.05 | 0.00360 | CVE-2000-0649 |
| 12 | Mikrotik RouterOS SNMP Information Disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00307 | CVE-2022-45315 |
| 13 | HubSpot Plugin Proxy REST Endpoint privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00104 | CVE-2022-1239 |
| 14 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00246 | CVE-2014-8572 |
| 15 | GIT Client Path privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.95465 | CVE-2014-9390 |
| 16 | codemirror Regular Expression privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01484 | CVE-2020-7760 |
| 17 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00107 | CVE-2022-30209 |
| 18 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2017-15346 |
| 19 | Openfind MailGates Email privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00866 | CVE-2020-12782 |
| 20 | Microsoft Exchange Server Information Disclosure | 6.3 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.42570 | CVE-2021-33766 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

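| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /DbXmlInfo.xml | predictive | High |
| 2 | File | /deviceIP | predictive | Medium |
| 3 | File | /git-prereceive-callback | predictive | High |
| 4 | File | /xxx/xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxx.x | predictive | Low |
| 8 | File | xxxxxx/xxx.x | predictive | Medium |
| 9 | File | xxx | predictive | Low |
| 10 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxx/xxx.xx | predictive | Medium |
| 12 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 13 | File | x_xxxxxxxx_xxxxx | predictive | High |
| 14 | File | xxx.xxx | predictive | Low |
| 15 | File | xxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 18 | Library | xx.xxx | predictive | Low |
| 19 | Library | xxxxxxxx.xxx | predictive | Medium |
| 20 | Argument | xxxxx_xx | predictive | Medium |
| 21 | Argument | x_xxxxxxxx | predictive | Medium |
| 22 | Argument | xxxxxxxxx | predictive | Medium |
| 23 | Argument | x-xxxxxxxxx-xxx | predictive | High |
| 24 | Argument | x-xxxx-xxxxx | predictive | Medium |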

References (2)

The following list contains external sources which discuss the actor and the associated activities:
