LightBasin Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Język

en	42
zh	6
de	4
ar	2

Kraj

cn	32
us	16
ir	6

Aktorzy

LightBasin	7
Cobalt Strike	2
Quasar RAT	1

Wysiłek

Rodzaj

Not Defined	24
Network Camera Software	4
Application Server Software	4
Image Processing Software	2
Groupware Software	2

Sprzedawca

Not Defined	14
Microsoft	4
Apache	4
Lutron	2
Bosch	2

Produkt

ImageMagick	2
Lutron Quantum BACnet Integration	2
Microsoft Exchange Server	2
Bosch IP Camera	2
Netgear SRX5308	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction privilege escalation	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00084	0.00	CVE-2018-16197
3	Scadaengine BACnet OPC Client csv memory corruption	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.63388	0.03	CVE-2010-4740
4	Microsoft IIS FTP Command information disclosure	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00361	0.00	CVE-2012-2532
5	ImageMagick pcx.c ReadPCXImage denial of service	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00252	0.00	CVE-2017-12432
6	e-Quick Cart shopprojectlogin.asp sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
7	SAS Intrnet DS2CSF Macro privilege escalation	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00830	0.02	CVE-2021-41569
8	TikiWiki tiki-register.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.38	CVE-2006-6168
9	Apache OFBiz directory traversal	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.10437	0.02	CVE-2022-47501
10	Onedev HTTP Header git-prereceive-callback weak authentication	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.03	CVE-2022-39205
11	Microsoft IIS HTTP 1.0 Request IP Address information disclosure	3.1	3.0	$5k-$25k	$0-$5k	High	Official Fix	0.00360	0.02	CVE-2000-0649
12	Mikrotik RouterOS SNMP information disclosure	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.04	CVE-2022-45315
13	HubSpot Plugin Proxy REST Endpoint privilege escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2022-1239
14	Huawei ACXXXX/SXXXX SSH Packet privilege escalation	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.07	CVE-2014-8572
15	GIT Client Path privilege escalation	8.5	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.95086	0.02	CVE-2014-9390
16	codemirror Regular Expression privilege escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01484	0.05	CVE-2020-7760
17	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00104	0.06	CVE-2022-30209
18	Huawei SXXXX XML Parser privilege escalation	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
19	Openfind MailGates Email privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00866	0.02	CVE-2020-12782
20	Microsoft Exchange Server information disclosure	6.3	5.7	$5k-$25k	$0-$5k	High	Official Fix	0.38801	0.10	CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	45.32.116.0		LightBasin	2021-10-20	verified	Wysoki
2	45.33.77.0		LightBasin	2021-10-20	verified	Wysoki
3	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxxxxx	2021-10-20	verified	Medium
4	XXX.XXX.XXX.X		Xxxxxxxxxx	2021-10-20	verified	Wysoki
5	XXX.XXX.XX.X	xxx.xxx.xx.x.xxxxx.xxx	Xxxxxxxxxx	2021-10-20	verified	Medium
6	XXX.XXX.XX.X		Xxxxxxxxxx	2021-10-20	verified	Wysoki
7	XXX.XXX.XXX.X		Xxxxxxxxxx	2021-10-20	verified	Wysoki
8	XXX.XXX.XXX.X		Xxxxxxxxxx	2021-10-20	verified	Wysoki
9	XXX.XXX.XX.X		Xxxxxxxxxx	2021-10-20	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/DbXmlInfo.xml	predictive	Wysoki
2	File	/deviceIP	predictive	Medium
3	File	/git-prereceive-callback	predictive	Wysoki
4	File	/xxx/xxxxxxxxxx.xxx	predictive	Wysoki
5	File	xxxxxxxxxxxxx.xxx	predictive	Wysoki
6	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Wysoki
7	File	xxxx.x	predictive	Niski
8	File	xxxxxx/xxx.x	predictive	Medium
9	File	xxx	predictive	Niski
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
11	File	xxx/xxx.xx	predictive	Medium
12	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Wysoki
13	File	x_xxxxxxxx_xxxxx	predictive	Wysoki
14	File	xxx.xxx	predictive	Niski
15	File	xxxxxxx.xxx	predictive	Medium
16	File	xxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
17	File	xxxx-xxxxxxxx.xxx	predictive	Wysoki
18	Library	xx.xxx	predictive	Niski
19	Library	xxxxxxxx.xxx	predictive	Medium
20	Argument	xxxxx_xx	predictive	Medium
21	Argument	x_xxxxxxxx	predictive	Medium
22	Argument	xxxxxxxxx	predictive	Medium
23	Argument	x-xxxxxxxxx-xxx	predictive	Wysoki
24	Argument	x-xxxx-xxxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!