Names | SIGTRANslator
Category | Malware
Type | Exfiltration, Tunneling
Description | (CrowdStrike) This executable provides LightBasin with the ability to transmit data via telecommunication-specific protocols, while monitoring the data being transmitted. SIGTRANslator is a Linux ELF binary capable of sending and receiving data via various SIGTRAN protocols, which are used to carry public switched telephone network (PSTN) signaling over IP networks. This signaling data includes valuable metadata such as telephone numbers called by a specific mobile station. Data transmitted to and from SIGTRANslator via these protocols is also sent to a remote C2 host that connects to a port opened by the binary. This allows the remote C2 server to siphon data flowing through the binary and send data to SIGTRANslator from the C2 to be re-sent via a SIGTRAN protocol.
Information | <https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/>
Last change to this tool card: 03 November 2021
APT groups
| Changed | Name | Country | Observed |
| | LightBasin | [Unknown] | 2016 |
1 group listed (1 APT, 0 other, 0 unknown)