Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:15:17 UTC
Home > List all groups > List all tools > List all groups using tool SIGTRANslator
 Tool: SIGTRANslator
Names SIGTRANslator
Category Malware
Type Exfiltration, Tunneling
Description
(CrowdStrike) This executable provides LightBasin with the ability to transmit data via
telecommunication-specific protocols, while monitoring the data being transmitted.
SIGTRANslator is a Linux ELF binary capable of sending and receiving data via various
SIGTRAN protocols, which are used to carry public switched telephone network (PSTN)
signaling over IP networks. This signaling data includes valuable metadata such as telephone
numbers called by a specific mobile station. Data transmitted to and from SIGTRANslator via
these protocols is also sent to a remote C2 host that connects to a port opened by the binary.
This allows the remote C2 server to siphon data flowing through the binary and send data to
SIGTRANslator from the C2 to be re-sent via a SIGTRAN protocol.
Information Last change to this tool card: 03 November 2021
Download this tool card in JSON format
All groups using tool SIGTRANslator
Changed Name Country Observed
APT groups
 LightBasin 2016
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4
Page 1 of 1