Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the…
Tags
| attack-pattern: | Data Ip Addresses - T1590.005 Rundll32 - T1218.011 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 447843b6-c267-49c7-bff3-08b1b8ad0dac |
| Fingerprint | 8168a2be3992be0f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 14, 2021, 3:40 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives |
| Title | Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the… |
| Detected Hints/Tags/Attributes | 66/1/357 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | officecalendar.biz |
|
| Details | Domain | 1 | accounts.bankpaygateway.com |
|
| Details | Domain | 1 | aphina-sec.com |
|
| Details | Domain | 1 | avetool.com |
|
| Details | Domain | 1 | bigbrotheriswatchingyou.herokuapp.com |
|
| Details | Domain | 1 | bookcasegreeting632.roman-indigo.com |
|
| Details | Domain | 1 | braunballon.com |
|
| Details | Domain | 1 | cdn.sogou-update.com |
|
| Details | Domain | 1 | cdn.usbankcreditcards.com |
|
| Details | Domain | 51 | cloudflare.com |
|
| Details | Domain | 2 | clubuz.com |
|
| Details | Domain | 1 | control.commanderinthe.cloud |
|
| Details | Domain | 1 | cuphq.com |
|
| Details | Domain | 1 | cymkpuadkduz.xyz |
|
| Details | Domain | 1 | d3kgm44zuz83i3.cloudfront.net |
|
| Details | Domain | 1 | dailyhealthguide.org |
|
| Details | Domain | 1 | dain22.net |
|
| Details | Domain | 1 | dataoss.microsoft.com |
|
| Details | Domain | 1 | kunluncan.com |
|
| Details | Domain | 1 | dataprotocol.site |
|
| Details | Domain | 1 | docrule.com |
|
| Details | Domain | 1 | prepcar.com |
|
| Details | Domain | 1 | domways.com |
|
| Details | Domain | 1 | exrap.com |
|
| Details | Domain | 1 | fastpic-domain.com |
|
| Details | Domain | 1 | fastpighostmerch.com |
|
| Details | Domain | 1 | fedex-global.com |
|
| Details | Domain | 1 | forteupdate.com |
|
| Details | Domain | 1 | fubukipr.xyz |
|
| Details | Domain | 1 | fut1.net |
|
| Details | Domain | 1 | gonzofabriq.com |
|
| Details | Domain | 1 | grayballon.com |
|
| Details | Domain | 1 | greattxmsng-imgx.com |
|
| Details | Domain | 1 | hars2t.com |
|
| Details | Domain | 1 | isaacrevia.com |
|
| Details | Domain | 1 | jquery.thinkphp.me |
|
| Details | Domain | 1 | js.news1010.net |
|
| Details | Domain | 1 | kasaa.net |
|
| Details | Domain | 1 | keit1on.net |
|
| Details | Domain | 2 | lagrom.com |
|
| Details | Domain | 1 | lhweb.xyz |
|
| Details | Domain | 1 | liojikd.com |
|
| Details | Domain | 1 | luoli233.top |
|
| Details | Domain | 1 | maren2.com |
|
| Details | Domain | 1 | mgfee.com |
|
| Details | Domain | 1 | microsoftchina.org |
|
| Details | Domain | 1 | mingrand.com |
|
| Details | Domain | 1 | pnwcontent-delivery.com |
|
| Details | Domain | 1 | presidentofschool14.com |
|
| Details | Domain | 1 | register.hr-tencent.com |
|
| Details | Domain | 1 | repdot.com |
|
| Details | Domain | 1 | safeconnections.xyz |
|
| Details | Domain | 1 | sbgprodib.oberto.za.net |
|
| Details | Domain | 1 | scalewa.com |
|
| Details | Domain | 1 | service.office247.tech |
|
| Details | Domain | 1 | service-0dibtqsv-1255352921.cd.apigw.tencentcs.com |
|
| Details | Domain | 1 | 1252742900.sh.apigw.tencentcs.com |
|
| Details | Domain | 1 | service-6eqxujkd-1255352921.cd.apigw.tencentcs.com |
|
| Details | Domain | 1 | 1304343953.gz.apigw.tencentcs.com |
|
| Details | Domain | 1 | service-j024ikqq-1259268926.gz.apigw.tencentcs.com |
|
| Details | Domain | 1 | service-muqfpxbh-1304245224.cd.apigw.tencentcs.com |
|
| Details | Domain | 1 | 1300400844.cd.apigw.tencentcs.com |
|
| Details | Domain | 1 | service-pfzr9eww-1304703456.hk.apigw.tencentcs.com |
|
| Details | Domain | 1 | services.rogerscorp.cloud |
|
| Details | Domain | 1 | sitehealthcheck.org |
|
| Details | Domain | 1 | syscx.com |
|
| Details | Domain | 1 | test.axibala.club |
|
| Details | Domain | 1 | test2.floridasattorneys.com |
|
| Details | Domain | 1 | tmestoragetest.azureedge.net |
|
| Details | Domain | 2 | touchroof.com |
|
| Details | Domain | 2 | focuslex.com |
|
| Details | Domain | 1 | ts.wii.qq.com |
|
| Details | Domain | 1 | tulls.net |
|
| Details | Domain | 1 | udpdeliveryddp.com |
|
| Details | Domain | 1 | update.software-update.tk |
|
| Details | Domain | 1 | vianodata.com |
|
| Details | Domain | 1 | 668526.com |
|
| Details | Domain | 1 | wellser.org |
|
| Details | Domain | 1 | wenku.qq.com |
|
| Details | Domain | 1 | cdnhwc1.com |
|
| Details | Domain | 1 | workfromhomeblueprints.azureedge.net |
|
| Details | Domain | 2 | www.bankrate.com |
|
| Details | Domain | 27 | cnn.com |
|
| Details | Domain | 44 | www.bloomberg.com |
|
| Details | Domain | 1 | www.csmu.website |
|
| Details | Domain | 1 | www.cumberlandplasticsurgery.com |
|
| Details | Domain | 1 | www.google-dev.tk |
|
| Details | Domain | 1 | www.hellomrsone.com |
|
| Details | Domain | 1 | www.nfsq.ml |
|
| Details | Domain | 1 | www.qiniu.com |
|
| Details | Domain | 1 | x-w-x.herokuapp.com |
|
| Details | Domain | 1 | zipflag.com |
|
| Details | File | 17 | __utm.gif |
|
| Details | File | 44 | submit.php |
|
| Details | File | 15 | %windir%\syswow64\rundll32.exe |
|
| Details | File | 13 | %windir%\sysnative\rundll32.exe |
|
| Details | File | 1 | kj.js |
|
| Details | File | 1 | ur.js |
|
| Details | File | 10 | visit.js |
|
| Details | File | 18 | ga.js |
|
| Details | File | 8 | all.js |
|
| Details | File | 218 | min.js |
|
| Details | File | 8 | ie9compatviewlist.xml |
|
| Details | File | 8 | updates.rss |
|
| Details | File | 9 | dot.gif |
|
| Details | File | 6 | pixel.gif |
|
| Details | File | 4 | dtcla.php |
|
| Details | File | 47 | index.jsp |
|
| Details | File | 1 | bg.css |
|
| Details | File | 2 | 312-s-fourth-st.html |
|
| Details | File | 1 | copyright.js |
|
| Details | File | 1 | fam_newspaper.html |
|
| Details | File | 1 | hr.css |
|
| Details | File | 1 | ppptp.jpg |
|
| Details | File | 2 | release.html |
|
| Details | File | 1 | posting.js |
|
| Details | File | 8 | find.html |
|
| Details | File | 1 | pol.php |
|
| Details | File | 11 | common.php |
|
| Details | File | 1 | classsvc.php |
|
| Details | File | 1 | webfont.css |
|
| Details | File | 1 | releases.js |
|
| Details | File | 3 | copyright.css |
|
| Details | File | 1 | template.css |
|
| Details | File | 82 | default.aspx |
|
| Details | File | 1 | en.css |
|
| Details | File | 1 | sq.css |
|
| Details | File | 1 | link.css |
|
| Details | File | 1 | logo.js |
|
| Details | File | 1 | na.js |
|
| Details | File | 1 | ak.js |
|
| Details | File | 3 | send.html |
|
| Details | File | 1 | release.js |
|
| Details | File | 1 | fo.html |
|
| Details | File | 1 | sm.html |
|
| Details | File | 1 | 1304343953.gz |
|
| Details | File | 1 | service-j024ikqq-1259268926.gz |
|
| Details | File | 74 | main.js |
|
| Details | File | 1 | ky.js |
|
| Details | File | 816 | index.html |
|
| Details | File | 252 | www.cs |
|
| Details | IPv4 | 1 | 193.29.13.201 |
|
| Details | IPv4 | 1 | 1.14.132.218 |
|
| Details | IPv4 | 1 | 1.15.139.40 |
|
| Details | IPv4 | 1 | 1.15.175.22 |
|
| Details | IPv4 | 1 | 1.15.230.57 |
|
| Details | IPv4 | 6 | 10.10.16.2 |
|
| Details | IPv4 | 1 | 10.248.1.135 |
|
| Details | IPv4 | 1 | 100.24.56.227 |
|
| Details | IPv4 | 1 | 101.132.149.198 |
|
| Details | IPv4 | 1 | 101.132.251.212 |
|
| Details | IPv4 | 1 | 101.28.128.125 |
|
| Details | IPv4 | 1 | 101.28.128.116 |
|
| Details | IPv4 | 1 | 101.28.128.29 |
|
| Details | IPv4 | 1 | 103.234.54.146 |
|
| Details | IPv4 | 1 | 103.234.72.248 |
|
| Details | IPv4 | 1 | 103.234.72.64 |
|
| Details | IPv4 | 1 | 103.242.133.19 |
|
| Details | IPv4 | 1 | 103.73.97.119 |
|
| Details | IPv4 | 1 | 103.79.79.16 |
|
| Details | IPv4 | 1 | 104.243.46.74 |
|
| Details | IPv4 | 1 | 104.248.148.74 |
|
| Details | IPv4 | 1 | 104.36.231.42 |
|
| Details | IPv4 | 1 | 106.15.197.67 |
|
| Details | IPv4 | 1 | 106.52.152.85 |
|
| Details | IPv4 | 1 | 106.52.181.247 |
|
| Details | IPv4 | 1 | 106.55.153.204 |
|
| Details | IPv4 | 1 | 108.166.207.133 |
|
| Details | IPv4 | 1 | 109.201.142.17 |
|
| Details | IPv4 | 1 | 109.236.84.121 |
|
| Details | IPv4 | 1 | 113.31.118.7 |
|
| Details | IPv4 | 1 | 114.117.208.80 |
|
| Details | IPv4 | 1 | 114.55.173.68 |
|
| Details | IPv4 | 1 | 115.159.143.241 |
|
| Details | IPv4 | 1 | 116.62.115.46 |
|
| Details | IPv4 | 1 | 117.78.1.204 |
|
| Details | IPv4 | 1 | 119.29.189.237 |
|
| Details | IPv4 | 1 | 119.3.141.162 |
|
| Details | IPv4 | 1 | 120.48.22.178 |
|
| Details | IPv4 | 1 | 120.79.29.153 |
|
| Details | IPv4 | 1 | 120.92.139.155 |
|
| Details | IPv4 | 1 | 121.196.153.136 |
|
| Details | IPv4 | 1 | 121.196.63.110 |
|
| Details | IPv4 | 1 | 121.5.103.116 |
|
| Details | IPv4 | 1 | 121.5.162.169 |
|
| Details | IPv4 | 1 | 123.57.73.247 |
|
| Details | IPv4 | 1 | 124.156.148.167 |
|
| Details | IPv4 | 1 | 13.51.149.17 |
|
| Details | IPv4 | 1 | 134.122.134.87 |
|
| Details | IPv4 | 1 | 134.209.5.246 |
|
| Details | IPv4 | 1 | 134.209.92.85 |
|
| Details | IPv4 | 1 | 139.155.27.71 |
|
| Details | IPv4 | 1 | 139.155.42.254 |
|
| Details | IPv4 | 1 | 139.162.221.161 |
|
| Details | IPv4 | 1 | 192.46.221.58 |
|
| Details | IPv4 | 1 | 139.196.153.6 |
|
| Details | IPv4 | 3 | 139.60.161.99 |
|
| Details | IPv4 | 1 | 14.192.48.91 |
|
| Details | IPv4 | 1 | 144.34.187.147 |
|
| Details | IPv4 | 1 | 145.249.106.104 |
|
| Details | IPv4 | 1 | 145.249.107.35 |
|
| Details | IPv4 | 1 | 149.248.1.200 |
|
| Details | IPv4 | 1 | 149.28.20.245 |
|
| Details | IPv4 | 1 | 149.28.233.123 |
|
| Details | IPv4 | 1 | 151.236.14.53 |
|
| Details | IPv4 | 1 | 154.220.3.226 |
|
| Details | IPv4 | 1 | 154.91.164.69 |
|
| Details | IPv4 | 1 | 155.138.215.103 |
|
| Details | IPv4 | 1 | 156.236.114.72 |
|
| Details | IPv4 | 1 | 156.255.2.36 |
|
| Details | IPv4 | 1 | 156.255.3.224 |
|
| Details | IPv4 | 1 | 159.75.136.108 |
|
| Details | IPv4 | 1 | 160.124.103.152 |
|
| Details | IPv4 | 1 | 163.172.39.102 |
|
| Details | IPv4 | 2 | 164.138.25.191 |
|
| Details | IPv4 | 2 | 46.19.37.133 |
|
| Details | IPv4 | 1 | 167.179.79.212 |
|
| Details | IPv4 | 4 | 172.241.27.70 |
|
| Details | IPv4 | 1 | 172.67.129.206 |
|
| Details | IPv4 | 1 | 172.81.205.217 |
|
| Details | IPv4 | 1 | 172.82.148.202 |
|
| Details | IPv4 | 1 | 172.98.192.91 |
|
| Details | IPv4 | 1 | 172.98.192.94 |
|
| Details | IPv4 | 1 | 173.82.197.229 |
|
| Details | IPv4 | 1 | 175.24.138.70 |
|
| Details | IPv4 | 1 | 176.105.252.144 |
|
| Details | IPv4 | 1 | 176.111.174.66 |
|
| Details | IPv4 | 1 | 176.121.14.113 |
|
| Details | IPv4 | 1 | 18.163.120.26 |
|
| Details | IPv4 | 1 | 185.106.123.101 |
|
| Details | IPv4 | 1 | 185.14.29.42 |
|
| Details | IPv4 | 2 | 185.153.199.164 |
|
| Details | IPv4 | 1 | 185.158.248.106 |
|
| Details | IPv4 | 1 | 185.158.249.38 |
|
| Details | IPv4 | 1 | 185.162.235.35 |
|
| Details | IPv4 | 1 | 185.20.186.108 |
|
| Details | IPv4 | 1 | 185.213.175.149 |
|
| Details | IPv4 | 1 | 185.232.52.137 |
|
| Details | IPv4 | 1 | 185.25.51.172 |
|
| Details | IPv4 | 1 | 185.25.51.55 |
|
| Details | IPv4 | 1 | 185.82.202.123 |
|
| Details | IPv4 | 1 | 188.119.113.24 |
|
| Details | IPv4 | 1 | 192.168.100.103 |
|
| Details | IPv4 | 1 | 193.112.10.125 |
|
| Details | IPv4 | 1 | 193.29.13.209 |
|
| Details | IPv4 | 1 | 194.15.216.20 |
|
| Details | IPv4 | 1 | 194.165.16.60 |
|
| Details | IPv4 | 1 | 195.123.217.45 |
|
| Details | IPv4 | 1 | 195.123.222.12 |
|
| Details | IPv4 | 1 | 195.123.222.5 |
|
| Details | IPv4 | 1 | 202.182.101.162 |
|
| Details | IPv4 | 1 | 207.148.107.212 |
|
| Details | IPv4 | 1 | 207.148.65.247 |
|
| Details | IPv4 | 1 | 209.141.37.21 |
|
| Details | IPv4 | 1 | 212.95.157.61 |
|
| Details | IPv4 | 2 | 213.135.78.244 |
|
| Details | IPv4 | 2 | 213.202.211.246 |
|
| Details | IPv4 | 1 | 213.217.0.216 |
|
| Details | IPv4 | 1 | 213.217.0.217 |
|
| Details | IPv4 | 2 | 213.217.0.218 |
|
| Details | IPv4 | 1 | 213.252.244.213 |
|
| Details | IPv4 | 1 | 213.252.245.19 |
|
| Details | IPv4 | 1 | 217.12.201.100 |
|
| Details | IPv4 | 1 | 217.12.218.46 |
|
| Details | IPv4 | 1 | 218.253.251.115 |
|
| Details | IPv4 | 1 | 23.106.223.79 |
|
| Details | IPv4 | 2 | 23.163.0.12 |
|
| Details | IPv4 | 1 | 3.137.217.140 |
|
| Details | IPv4 | 1 | 31.44.184.232 |
|
| Details | IPv4 | 1 | 31.44.184.73 |
|
| Details | IPv4 | 1 | 31.44.3.198 |
|
| Details | IPv4 | 1 | 34.92.237.17 |
|
| Details | IPv4 | 1 | 34.96.156.66 |
|
| Details | IPv4 | 1 | 35.200.6.25 |
|
| Details | IPv4 | 1 | 35.221.239.215 |
|
| Details | IPv4 | 1 | 35.224.197.52 |
|
| Details | IPv4 | 1 | 35.236.132.18 |
|
| Details | IPv4 | 1 | 37.252.120.101 |
|
| Details | IPv4 | 2 | 37.61.205.212 |
|
| Details | IPv4 | 1 | 39.97.216.224 |
|
| Details | IPv4 | 1 | 42.192.119.64 |
|
| Details | IPv4 | 1 | 42.193.127.38 |
|
| Details | IPv4 | 1 | 42.193.220.214 |
|
| Details | IPv4 | 1 | 42.194.133.101 |
|
| Details | IPv4 | 1 | 45.137.10.148 |
|
| Details | IPv4 | 1 | 45.138.209.73 |
|
| Details | IPv4 | 1 | 45.144.3.120 |
|
| Details | IPv4 | 1 | 45.145.36.210 |
|
| Details | IPv4 | 1 | 45.146.164.199 |
|
| Details | IPv4 | 1 | 45.146.165.143 |
|
| Details | IPv4 | 1 | 45.199.160.117 |
|
| Details | IPv4 | 1 | 45.32.136.204 |
|
| Details | IPv4 | 1 | 45.32.92.183 |
|
| Details | IPv4 | 1 | 45.33.27.73 |
|
| Details | IPv4 | 1 | 45.76.202.78 |
|
| Details | IPv4 | 1 | 45.77.249.181 |
|
| Details | IPv4 | 1 | 45.92.156.97 |
|
| Details | IPv4 | 6 | 45.93.201.114 |
|
| Details | IPv4 | 1 | 46.101.98.38 |
|
| Details | IPv4 | 1 | 47.103.102.194 |
|
| Details | IPv4 | 1 | 47.103.158.65 |
|
| Details | IPv4 | 1 | 47.104.143.234 |
|
| Details | IPv4 | 1 | 47.104.156.242 |
|
| Details | IPv4 | 1 | 47.104.253.89 |
|
| Details | IPv4 | 1 | 47.108.16.11 |
|
| Details | IPv4 | 1 | 47.108.246.116 |
|
| Details | IPv4 | 1 | 47.110.147.243 |
|
| Details | IPv4 | 1 | 47.111.163.10 |
|
| Details | IPv4 | 1 | 47.114.36.45 |
|
| Details | IPv4 | 1 | 47.115.54.254 |
|
| Details | IPv4 | 1 | 47.56.219.26 |
|
| Details | IPv4 | 1 | 47.57.125.197 |
|
| Details | IPv4 | 1 | 47.90.202.152 |
|
| Details | IPv4 | 1 | 47.94.20.209 |
|
| Details | IPv4 | 1 | 47.98.99.15 |
|
| Details | IPv4 | 1 | 47.99.178.84 |
|
| Details | IPv4 | 1 | 49.234.184.176 |
|
| Details | IPv4 | 1 | 49.234.93.169 |
|
| Details | IPv4 | 1 | 49.235.217.243 |
|
| Details | IPv4 | 1 | 49.235.92.191 |
|
| Details | IPv4 | 1 | 5.181.156.46 |
|
| Details | IPv4 | 2 | 5.189.184.60 |
|
| Details | IPv4 | 1 | 5.2.70.173 |
|
| Details | IPv4 | 1 | 5.252.179.195 |
|
| Details | IPv4 | 1 | 5.34.178.43 |
|
| Details | IPv4 | 1 | 5.34.182.210 |
|
| Details | IPv4 | 3 | 5.39.221.60 |
|
| Details | IPv4 | 1 | 51.83.79.151 |
|
| Details | IPv4 | 1 | 52.211.36.208 |
|
| Details | IPv4 | 1 | 52.229.22.93 |
|
| Details | IPv4 | 1 | 54.202.73.244 |
|
| Details | IPv4 | 1 | 59.63.224.101 |
|
| Details | IPv4 | 1 | 61.168.100.179 |
|
| Details | IPv4 | 1 | 62.171.142.145 |
|
| Details | IPv4 | 1 | 66.42.56.42 |
|
| Details | IPv4 | 2 | 69.49.229.88 |
|
| Details | IPv4 | 1 | 74.121.148.47 |
|
| Details | IPv4 | 1 | 78.128.112.134 |
|
| Details | IPv4 | 1 | 78.128.112.215 |
|
| Details | IPv4 | 1 | 79.110.52.172 |
|
| Details | IPv4 | 1 | 8.136.228.12 |
|
| Details | IPv4 | 1 | 8.140.105.214 |
|
| Details | IPv4 | 1 | 8.210.161.205 |
|
| Details | IPv4 | 1 | 81.69.10.55 |
|
| Details | IPv4 | 1 | 81.70.155.208 |
|
| Details | IPv4 | 1 | 85.208.110.108 |
|
| Details | IPv4 | 1 | 88.198.165.127 |
|
| Details | IPv4 | 1 | 94.103.94.203 |
|
| Details | IPv4 | 1 | 95.179.239.225 |
|
| Details | IPv4 | 1 | 98.142.143.100 |
|
| Details | IPv4 | 2 | 104.243.41.123 |
|
| Details | IPv4 | 1 | 185.25.51.67 |
|
| Details | IPv4 | 1 | 64.187.239.74 |
|
| Details | IPv4 | 3 | 185.118.166.205 |
|
| Details | IPv4 | 2 | 176.123.8.228 |
|
| Details | IPv4 | 1 | 207.148.29.168 |
|
| Details | Url | 1 | https://m1xg.tk,/pixel,https://m1xg.cf,/activity49.235.92.191,/__utm.gif |