Cobalt Strike Beacon Detected - 54[.]238[.]39[.]64:443 - RedPacket Security
Tags
country: | Japan |
attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 |
Common Information
Type | Value |
---|---|
UUID | 397a92cc-27f5-47da-87e2-4d54b6d7be11 |
Fingerprint | 414b4b605f8cce4d |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | Dec. 23, 2024, 12:03 p.m. |
Added to db | Dec. 23, 2024, 3:09 p.m. |
Last updated | Dec. 23, 2024, 3:10 p.m. |
Headline | Cobalt Strike Beacon Detected – 54[.]238[.]39[.]64:443 |
Title | Cobalt Strike Beacon Detected - 54[.]238[.]39[.]64:443 - RedPacket Security |
Detected Hints/Tags/Attributes | 23/2/11 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 361 | ✔ | RedPacket Security | https://www.redpacketsecurity.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 90 | amazonaws.com |
|
Details | Domain | 1 | south-polarisaustralis.com |
|
Details | Domain | 1 | ec2-54-238-39-64.ap-northeast-1.compute.amazonaws.com |
|
Details | Domain | 1 | bravo.south-polarisaustralis.com |
|
Details | Domain | 334 | amazon.com |
|
Details | Domain | 1 | d2rtpgoredf4t3.cloudfront.net |
|
Details | Domain | 1 | dsr4dyvbextic.cloudfront.net |
|
Details | File | 478 | security.txt |
|
Details | File | 430 | process-inject.exe |
|
Details | sha1 | 1 | b465150aa7f4fe68d9ccca226d3241c2cf911c42 |
|
Details | IPv4 | 1 | 54.238.39.64 |