ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: CordScan

Names: CordScan
Category: Malware
Type: Reconnaissance
Description: (CrowdStrike) This executable is a network scanning and packet capture utility that contains built-in logic relating to the application layer of telecommunications systems, which allows for fingerprinting and the retrieval of additional data when dealing with common telecommunication protocols from infrastructure such as SGSNs. SGSNs could be targets for further collection by the adversary, as they are responsible for packet data delivery to and from mobile stations and also hold location information for registered GPRS users. CrowdStrike identified multiple versions of this utility, including a cross-compiled version for systems running on ARM architecture, such as Huawei’s commercial CentOS-based operating system EulerOS.
Information: <https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/>

Last change to this tool card: 03 November 2021


All groups using tool CordScan

APT groups

Changed | Name | Country | Observed
X | LightBasin | [Unknown] | 2016

1 group listed (1 APT, 0 other, 0 unknown)
