CordScan
Description
(CrowdStrike) This executable is a network scanning and packet capture utility that contains built-in logic relating to the application layer of telecommunications systems, which allows for fingerprinting and the retrieval of additional data when dealing with common telecommunication protocols from infrastructure such as SGSNs. SGSNs could be targets for further collection by the adversary, as they are responsible for packet data delivery to and from mobile stations and also hold location information for registered GPRS users. CrowdStrike identified multiple versions of this utility, including a cross-compiled version for systems running on ARM architecture, such as Huawei’s commercial CentOS-based operating system EulerOS.
Names
| Name |
| --- |
| CordScan |
Category
Malware
Type
- Reconnaissance
Information
Other Information
Uuid
4f1b6373-fc44-4148-bc21-5bf02c56430a
Last Card Change
2021-11-03