Penetration-Testing Powerhouse Cobalt Strike's Server Has a "Space" Signature That Can Identify In-the-Wild Testing (Rules Included)
Tags
attack-pattern: | Server - T1583.004 Server - T1584.004 |
Common Information
Type | Value |
---|---|
UUID | 2b05b424-1cb1-40a0-abfc-a942f3d7ab86 |
Fingerprint | 80eb22b561c5f8df |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | Feb. 27, 2019, midnight |
Added to db | Dec. 20, 2024, 6:56 a.m. |
Last updated | Dec. 23, 2024, 3:25 a.m. |
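Headline | Penetration-Testing Powerhouse Cobalt Strike's Server Has a "Space" Signature That Can Identify In-the-Wild Testing (Rules Included) |
Title | Penetration-Testing Powerhouse Cobalt Strike's Server Has a "Space" Signature That Can Identify In-the-Wild Testing (Rules Included) |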
Detected Hints/Tags/Attributes | 11/1/11 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/8653 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 4694 | | github.com |
Details | Domain | 1 | | nanohttpd.java |
Details | Domain | 26 | | blog.fox-it.com |
Details | Domain | 6752 | | 163.com |
Details | File | 1 | | nanohttpd.java |
Details | File | 1 | | cobaltstrike-servers.csv |
Details | Github username | 1 | | nanohttpd |
Details | Github username | 8 | | fox-it |
Details | Url | 1 | | https://github.com/nanohttpd/nanohttpd-java-1.1/blob/nanohttpd-for-java1.1/nanohttpd.java#l778 |
Details | Url | 1 | | https://github.com/fox-it/cobaltstrike-extraneous-space/blob/master/cobaltstrike-servers.csv |
Details | Url | 4 | | https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild |