LightBasin Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en42
zh8
de2
jp2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn30
us14
cz2
ir2
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

LightBasin8
Cobalt Strike2
Quasar RAT1
Emotet1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined26
Application Server Software4
Programming Language Software4
SCADA Software4
Image Processing Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
SCADA Engine4
Apache4
Lutron4
Microsoft4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SCADA Engine BACnet OPC4
Lutron Quantum BACnet Integration4
ImageMagick2
Oracle WebLogic Server2
Cachet2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction access control6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000840.00CVE-2018-16197
3Scadaengine BACnet OPC Client csv memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.633880.03CVE-2010-4740
4Microsoft IIS FTP Command information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003610.00CVE-2012-2532
5ImageMagick pcx.c ReadPCXImage resource management5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002520.00CVE-2017-12432
6e-Quick Cart shopprojectlogin.asp sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
7SAS Intrnet DS2CSF Macro file inclusion5.55.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.008300.02CVE-2021-41569
8TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.0107510.00CVE-2006-6168
9Apache OFBiz path traversal3.53.5$5k-$25k$0-$5kNot DefinedNot Defined0.104370.05CVE-2022-47501
10Onedev HTTP Header git-prereceive-callback improper authentication8.18.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002350.03CVE-2022-39205
11Microsoft IIS HTTP 1.0 Request IP Address information disclosure3.13.0$5k-$25k$0-$5kHighOfficial Fix0.003600.02CVE-2000-0649
12Mikrotik RouterOS SNMP out-of-bounds8.07.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.003070.04CVE-2022-45315
13HubSpot Plugin Proxy REST Endpoint server-side request forgery5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2022-1239
14Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.07CVE-2014-8572
15GIT Client Path privileges management8.58.4$5k-$25k$0-$5kHighOfficial Fix0.950860.00CVE-2014-9390
16codemirror Regular Expression incorrect regex5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.014840.04CVE-2020-7760
17Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.001180.04CVE-2022-30209
18Huawei SXXXX XML Parser input validation3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000560.03CVE-2017-15346
19Openfind MailGates Email command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.008660.04CVE-2020-12782
20Microsoft Exchange Server information disclosure6.35.7$5k-$25k$0-$5kHighOfficial Fix0.347490.00CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.32.116.0LightBasin10/20/2021verifiedHigh
245.33.77.0LightBasin10/20/2021verifiedHigh
3XX.XX.XXX.Xxx.xx.xxx.x.xxxxx.xxxXxxxxxxxxx10/20/2021verifiedMedium
4XXX.XXX.XXX.XXxxxxxxxxx10/20/2021verifiedHigh
5XXX.XXX.XX.Xxxx.xxx.xx.x.xxxxx.xxxXxxxxxxxxx10/20/2021verifiedMedium
6XXX.XXX.XX.XXxxxxxxxxx10/20/2021verifiedHigh
7XXX.XXX.XXX.XXxxxxxxxxx10/20/2021verifiedHigh
8XXX.XXX.XXX.XXxxxxxxxxx10/20/2021verifiedHigh
9XXX.XXX.XX.XXxxxxxxxxx10/20/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/DbXmlInfo.xmlpredictiveHigh
2File/deviceIPpredictiveMedium
3File/git-prereceive-callbackpredictiveHigh
4File/xxx/xxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxx.xpredictiveLow
8Filexxxxxx/xxx.xpredictiveMedium
9FilexxxpredictiveLow
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxx.xxpredictiveMedium
12Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
13Filex_xxxxxxxx_xxxxxpredictiveHigh
14Filexxx.xxxpredictiveLow
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
17Filexxxx-xxxxxxxx.xxxpredictiveHigh
18Libraryxx.xxxpredictiveLow
19Libraryxxxxxxxx.xxxpredictiveMedium
20Argumentxxxxx_xxpredictiveMedium
21Argumentx_xxxxxxxxpredictiveMedium
22ArgumentxxxxxxxxxpredictiveMedium
23Argumentx-xxxxxxxxx-xxxpredictiveHigh
24Argumentx-xxxx-xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!