LightBasin Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Idioma

en	40
zh	8
de	4
ar	2

País

cn	28
us	20
ir	4
gb	2

Actores

LightBasin	7
Cobalt Strike	2
Quasar RAT	1
Emotet	1

Interesse

Tipo

Not Defined	26
Network Camera Software	4
SCADA Software	4
Content Management System	2
Router Operating System	2

Fabricante

Not Defined	14
Huawei	4
Microsoft	4
Netgear	2
Bosch	2

Produto

Huawei SXXXX	4
DokuWiki	2
Onedev	2
Netgear SRX5308	2
Bosch IP Camera	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction direitos alargados	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00084	0.00	CVE-2018-16197
3	Scadaengine BACnet OPC Client csv Excesso de tampão	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.63388	0.03	CVE-2010-4740
4	Microsoft IIS FTP Command Divulgação de Informação	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00361	0.00	CVE-2012-2532
5	ImageMagick pcx.c ReadPCXImage Negação de Serviço	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00252	0.00	CVE-2017-12432
6	e-Quick Cart shopprojectlogin.asp Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
7	SAS Intrnet DS2CSF Macro direitos alargados	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00830	0.02	CVE-2021-41569
8	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	10.00	CVE-2006-6168
9	Apache OFBiz Directório Traversal	3.5	3.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.11306	0.02	CVE-2022-47501
10	Onedev HTTP Header git-prereceive-callback Fraca autenticação	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.03	CVE-2022-39205
11	Microsoft IIS HTTP 1.0 Request IP Address Divulgação de Informação	3.1	3.0	$5k-$25k	$0-$5k	High	Official Fix	0.00360	0.02	CVE-2000-0649
12	Mikrotik RouterOS SNMP Divulgação de Informação	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.04	CVE-2022-45315
13	HubSpot Plugin Proxy REST Endpoint direitos alargados	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2022-1239
14	Huawei ACXXXX/SXXXX SSH Packet direitos alargados	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.02	CVE-2014-8572
15	GIT Client Path direitos alargados	8.5	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.95086	0.02	CVE-2014-9390
16	codemirror Regular Expression direitos alargados	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01484	0.02	CVE-2020-7760
17	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00107	0.06	CVE-2022-30209
18	Huawei SXXXX XML Parser direitos alargados	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
19	Openfind MailGates Email direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00866	0.02	CVE-2020-12782
20	Microsoft Exchange Server Divulgação de Informação	6.3	5.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.38801	0.03	CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	45.32.116.0		LightBasin	20/10/2021	verified	Alto
2	45.33.77.0		LightBasin	20/10/2021	verified	Alto
3	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	Médio
4	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Alto
5	XXX.XXX.XX.X	xxx.xxx.xx.x.xxxxx.xxx	Xxxxxxxxxx	20/10/2021	verified	Médio
6	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	Alto
7	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Alto
8	XXX.XXX.XXX.X		Xxxxxxxxxx	20/10/2021	verified	Alto
9	XXX.XXX.XX.X		Xxxxxxxxxx	20/10/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/DbXmlInfo.xml	predictive	Alto
2	File	/deviceIP	predictive	Médio
3	File	/git-prereceive-callback	predictive	Alto
4	File	/xxx/xxxxxxxxxx.xxx	predictive	Alto
5	File	xxxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxx.x	predictive	Baixo
8	File	xxxxxx/xxx.x	predictive	Médio
9	File	xxx	predictive	Baixo
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxx/xxx.xx	predictive	Médio
12	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
13	File	x_xxxxxxxx_xxxxx	predictive	Alto
14	File	xxx.xxx	predictive	Baixo
15	File	xxxxxxx.xxx	predictive	Médio
16	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
17	File	xxxx-xxxxxxxx.xxx	predictive	Alto
18	Library	xx.xxx	predictive	Baixo
19	Library	xxxxxxxx.xxx	predictive	Médio
20	Argument	xxxxx_xx	predictive	Médio
21	Argument	x_xxxxxxxx	predictive	Médio
22	Argument	xxxxxxxxx	predictive	Médio
23	Argument	x-xxxxxxxxx-xxx	predictive	Alto
24	Argument	x-xxxx-xxxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!