LightBasin Analysis

IOB - Indicator of Behavior (54)

Language

en: 48
zh: 6

Country

cn: 24
us: 22
ir: 2
cz: 2

Product

Huawei SXXXX: 4
Lutron Quantum BACnet Integration: 4
Apache OFBiz: 2
Cachet: 2
Microsoft IIS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2018-16197 |
| 3 | Scadaengine BACnet OPC Client csv memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63388 | 0.03 | CVE-2010-4740 |
| 4 | Microsoft IIS FTP Command information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00361 | 0.00 | CVE-2012-2532 |
| 5 | ImageMagick pcx.c ReadPCXImage denial of service | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00252 | 0.00 | CVE-2017-12432 |
| 6 | e-Quick Cart shopprojectlogin.asp SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 7 | SAS Intrnet DS2CSF Macro privilege escalation | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00830 | 0.02 | CVE-2021-41569 |
| 8 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 10.00 | CVE-2006-6168 |
| 9 | Apache OFBiz directory traversal | 3.5 | 3.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.11306 | 0.02 | CVE-2022-47501 |
| 10 | Onedev HTTP Header git-prereceive-callback weak authentication | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00194 | 0.03 | CVE-2022-39205 |
| 11 | Microsoft IIS HTTP 1.0 Request IP Address information disclosure | 3.1 | 3.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00360 | 0.02 | CVE-2000-0649 |
| 12 | Mikrotik RouterOS SNMP information disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00307 | 0.04 | CVE-2022-45315 |
| 13 | HubSpot Plugin Proxy REST Endpoint privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2022-1239 |
| 14 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.02 | CVE-2014-8572 |
| 15 | GIT Client Path privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.95086 | 0.02 | CVE-2014-9390 |
| 16 | codemirror Regular Expression privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01484 | 0.02 | CVE-2020-7760 |
| 17 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00107 | 0.06 | CVE-2022-30209 |
| 18 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2017-15346 |
| 19 | Openfind MailGates Email privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00866 | 0.02 | CVE-2020-12782 |
| 20 | Microsoft Exchange Server information disclosure | 6.3 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.38801 | 0.03 | CVE-2021-33766 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /DbXmlInfo.xml | predictive | High |
| 2 | File | /deviceIP | predictive | Medium |
| 3 | File | /git-prereceive-callback | predictive | High |
| 4 | File | /xxx/xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxx.x | predictive | Low |
| 8 | File | xxxxxx/xxx.x | predictive | Medium |
| 9 | File | xxx | predictive | Low |
| 10 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxx/xxx.xx | predictive | Medium |
| 12 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 13 | File | x_xxxxxxxx_xxxxx | predictive | High |
| 14 | File | xxx.xxx | predictive | Low |
| 15 | File | xxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 18 | Library | xx.xxx | predictive | Low |
| 19 | Library | xxxxxxxx.xxx | predictive | Medium |
| 20 | Argument | xxxxx_xx | predictive | Medium |
| 21 | Argument | x_xxxxxxxx | predictive | Medium |
| 22 | Argument | xxxxxxxxx | predictive | Medium |
| 23 | Argument | x-xxxxxxxxx-xxx | predictive | High |
| 24 | Argument | x-xxxx-xxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
