LightBasin Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Langue

en	40
zh	6
ar	4
de	4

De campagne

us	22
cn	20
ir	4
gb	4
cz	2

Acteurs

LightBasin	8
Cobalt Strike	2
Emotet	1
Quasar RAT	1

Intérêt

Taper

Not Defined	28
SCADA Software	4
Groupware Software	2
Content Management System	2
Programming Language Software	2

Fournisseur

Not Defined	12
Lutron	4
Huawei	4
Scadaengine	2
Microsoft	2

Produit

Lutron Quantum BACnet Integration	4
Huawei SXXXX	4
Scadaengine BACnet OPC Client	2
e-Quick Cart	2
Microsoft Exchange Server	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction elévation de privilèges	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00084	0.00	CVE-2018-16197
3	Scadaengine BACnet OPC Client csv buffer overflow	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.63388	0.03	CVE-2010-4740
4	Microsoft IIS FTP Command divulgation de l'information	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00361	0.00	CVE-2012-2532
5	ImageMagick pcx.c ReadPCXImage dénie de service	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00252	0.00	CVE-2017-12432
6	e-Quick Cart shopprojectlogin.asp sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
7	SAS Intrnet DS2CSF Macro elévation de privilèges	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00830	0.02	CVE-2021-41569
8	TikiWiki tiki-register.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.55	CVE-2006-6168
9	Apache OFBiz directory traversal	3.5	3.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.11306	0.02	CVE-2022-47501
10	Onedev HTTP Header git-prereceive-callback authentification faible	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.03	CVE-2022-39205
11	Microsoft IIS HTTP 1.0 Request IP Address divulgation de l'information	3.1	3.0	$5k-$25k	$0-$5k	High	Official Fix	0.00360	0.02	CVE-2000-0649
12	Mikrotik RouterOS SNMP divulgation de l'information	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.02	CVE-2022-45315
13	HubSpot Plugin Proxy REST Endpoint elévation de privilèges	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2022-1239
14	Huawei ACXXXX/SXXXX SSH Packet elévation de privilèges	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.02	CVE-2014-8572
15	GIT Client Path elévation de privilèges	8.5	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.95086	0.02	CVE-2014-9390
16	codemirror Regular Expression elévation de privilèges	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01484	0.02	CVE-2020-7760
17	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00104	0.06	CVE-2022-30209
18	Huawei SXXXX XML Parser elévation de privilèges	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
19	Openfind MailGates Email elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00866	0.02	CVE-2020-12782
20	Microsoft Exchange Server divulgation de l'information	6.3	5.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.38801	0.03	CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	45.32.116.0		LightBasin	20/10/2021	verified	Élevé
2	45.33.77.0		LightBasin	20/10/2021	verified	Élevé
3	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	Moyen
4	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Élevé
5	XXX.XXX.XX.X	xxx.xxx.xx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	Moyen
6	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	Élevé
7	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Élevé
8	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Élevé
9	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/DbXmlInfo.xml	predictive	Élevé
2	File	/deviceIP	predictive	Moyen
3	File	/git-prereceive-callback	predictive	Élevé
4	File	/xxx/xxxxxxxxxx.xxx	predictive	Élevé
5	File	xxxxxxxxxxxxx.xxx	predictive	Élevé
6	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Élevé
7	File	xxxx.x	predictive	Faible
8	File	xxxxxx/xxx.x	predictive	Moyen
9	File	xxx	predictive	Faible
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
11	File	xxx/xxx.xx	predictive	Moyen
12	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Élevé
13	File	x_xxxxxxxx_xxxxx	predictive	Élevé
14	File	xxx.xxx	predictive	Faible
15	File	xxxxxxx.xxx	predictive	Moyen
16	File	xxxxxxxxxxxxxxxx.xxx	predictive	Élevé
17	File	xxxx-xxxxxxxx.xxx	predictive	Élevé
18	Library	xx.xxx	predictive	Faible
19	Library	xxxxxxxx.xxx	predictive	Moyen
20	Argument	xxxxx_xx	predictive	Moyen
21	Argument	x_xxxxxxxx	predictive	Moyen
22	Argument	xxxxxxxxx	predictive	Moyen
23	Argument	x-xxxxxxxxx-xxx	predictive	Élevé
24	Argument	x-xxxx-xxxxx	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!