timb-machine / linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs
The Unlicense

[Intel]: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks #8

Open jdsnape opened 2 years ago

jdsnape commented 2 years ago

Area

Malware reports

Parent threat

Credential Access, Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact

Finding

https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks

Industry reference

vertical:Telecomms
attack:T1573.001:Symmetric Cryptography
attack:T1590:Gather Victim Network Information
attack:T1562.004:Disable or Modify System Firewall
attack:T1048.001:Exfiltration Over Unencrypted Non-C2 Protocol
attack:T1021.004:SSH
attack:T1037.004:RC Scripts
attack:T1090.001:Internal Proxy
attack:T1090.002:External Proxy
attack:T1110.003:Password Spraying

Malware reference

https://github.com/timb-machine/linux-malware/issues/134
SLAPSTICK
STEELCORGI
PingPong
TINYSHELL
CordScan
SIGTRANslator
Fast Reverse Proxy
Microsocks Proxy
ProxyChains

Actor reference

LightBasin UNC1945

Component

Solaris, Linux, Telecomms

Scenario

Internal specialist services

Scenario variation

Enclave deployment

timb-machine commented 2 years ago

Yeah, been working on it for the last month or so. There are some updates that I dropped in today. Looking forward to hearing more. Top class threat group.