ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: SIGTRANslator

Names: SIGTRANslator
Category: Malware
Type: Exfiltration, Tunneling
Description: (CrowdStrike) This executable provides LightBasin with the ability to transmit data via telecommunication-specific protocols, while monitoring the data being transmitted. SIGTRANslator is a Linux ELF binary capable of sending and receiving data via various SIGTRAN protocols, which are used to carry public switched telephone network (PSTN) signaling over IP networks. This signaling data includes valuable metadata such as telephone numbers called by a specific mobile station. Data transmitted to and from SIGTRANslator via these protocols is also sent to a remote C2 host that connects to a port opened by the binary. This allows the remote C2 server to siphon data flowing through the binary and send data to SIGTRANslator from the C2 to be re-sent via a SIGTRAN protocol.
Information: <https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/>

Last change to this tool card: 03 November 2021


All groups using tool SIGTRANslator

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | LightBasin | [Unknown] | 2016 |

1 group listed (1 APT, 0 other, 0 unknown)
