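Cobalt Strike, the go-to penetration testing tool, has a "space" signature on its server side that can identify in-the-wild testing (rules included)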
Common Information
Type Value
UUID 2b05b424-1cb1-40a0-abfc-a942f3d7ab86
Fingerprint 80eb22b561c5f8df
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Feb. 27, 2019, midnight
Added to db Dec. 20, 2024, 6:56 a.m.
Last updated Dec. 23, 2024, 3:25 a.m.
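Headline Cobalt Strike, the go-to penetration testing tool, has a "space" signature on its server side that can identify in-the-wild testing (rules included)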
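Title Cobalt Strike, the go-to penetration testing tool, has a "space" signature on its server side that can identify in-the-wild testing (rules included)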
Detected Hints/Tags/Attributes 11/1/11
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 4694
github.com
Details Domain 1
nanohttpd.java
Details Domain 26
blog.fox-it.com
Details Domain 6752
163.com
Details File 1
nanohttpd.java
Details File 1
cobaltstrike-servers.csv
Details Github username 1
nanohttpd
Details Github username 8
fox-it
Details Url 1
https://github.com/nanohttpd/nanohttpd-java-1.1/blob/nanohttpd-for-java1.1/nanohttpd.java#l778
Details Url 1
https://github.com/fox-it/cobaltstrike-extraneous-space/blob/master/cobaltstrike-servers.csv
Details Url 4
https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild