Cobalt Strike Beacon Detected - 45[.]14[.]226[.]17:80 - RedPacket Security
Tags
| country: | Netherlands |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 344e8302-d33a-4338-ba91-4ced194cefc3 |
| Fingerprint | 614b43641b88ca85 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 10, 2024, 12:16 p.m. |
| Added to db | Nov. 10, 2024, 1:42 p.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | Cobalt Strike Beacon Detected – 45[.]14[.]226[.]17:80 |
| Title | Cobalt Strike Beacon Detected - 45[.]14[.]226[.]17:80 - RedPacket Security |
| Detected Hints/Tags/Attributes | 19/2/15 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 361 | ✔ | RedPacket Security | https://www.redpacketsecurity.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | phanes-cloud.com |
|
| Details | Domain | 1 | 45-14-226-17.hosted-by.phanes-cloud.com |
|
| Details | Domain | 1 | www.gooogle.cyou |
|
| Details | File | 383 | security.txt |
|
| Details | File | 343 | process-inject.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | IPv4 | 1 | 45.14.226.17 |
|
| Details | IPv4 | 1 | 104.21.59.129 |
|
| Details | IPv4 | 5 | 172.64.80.1 |
|
| Details | IPv4 | 2 | 172.67.177.132 |
|
| Details | IPv4 | 4 | 188.114.96.3 |
|
| Details | IPv4 | 5 | 188.114.97.7 |
|
| Details | IPv4 | 3 | 188.114.96.9 |
|
| Details | IPv4 | 7 | 188.114.97.3 |