LIGHTRAIL

Description

(Mandiant) LIGHTRAIL has several connections to MINIBIKE and MINIBUS in the form of (1) a shared code base, (2) Azure C2 infrastructure with similar patterns and naming, and (3) overlapping targets and victimology.

LIGHTRAIL communicates with an Azure C2 subdomain of the form [.][.]cloudapp[.]azure[.]com. Mandiant assesses with medium confidence that both LIGHTRAIL and MINIBIKE were used to target the same victim environment at least once.

Names

Name
LIGHTRAIL

Type

Tunneling

Information

https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.lightrail

Other Information

Uuid

ab879427-d09c-453f-8f4b-62ba1f887f5b

Last Card Change

2024-12-29

Threat Intelligence Garden

Explorer

LIGHTRAIL

LIGHTRAIL

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks