Names | CordScan | |
Category | Malware | |
Type | Reconnaissance | |
Description | (CrowdStrike) This executable is a network scanning and packet capture utility that contains built-in logic relating to the application layer of telecommunications systems, which allows for fingerprinting and the retrieval of additional data when dealing with common telecommunication protocols from infrastructure such as SGSNs. SGSNs could be targets for further collection by the adversary, as they are responsible for packet data delivery to and from mobile stations and also hold location information for registered GPRS users. CrowdStrike identified multiple versions of this utility, including a cross-compiled version for systems running on ARM architecture, such as Huawei’s commercial CentOS-based operating system EulerOS. | |
Information | <https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/> |
Last change to this tool card: 03 November 2021
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
LightBasin | [Unknown] | 2016 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |