Responding to a Cobalt Strike attack — Part II
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 4ab34bc6-73dd-40af-a403-8ae4b4031425 |
| Fingerprint | 846aa3362b8b1e1e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 14, 2021, midnight |
| Added to db | Aug. 31, 2024, 10:50 a.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | Responding to a Cobalt Strike attack — Part II |
| Title | Responding to a Cobalt Strike attack — Part II |
| Detected Hints/Tags/Attributes | 55/2/25 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 417 | ✔ | Invictus Incident Response blog | https://www.invictus-ir.com/news/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 102 | cve-2021-40444 |
|
| Details | Domain | 23 | www.cobaltstrike.com |
|
| Details | Domain | 2 | svch0st.medium.com |
|
| Details | Domain | 1 | blog.securehat.co.uk |
|
| Details | Domain | 6 | community.sophos.com |
|
| Details | Domain | 2 | newtonpaul.com |
|
| Details | Domain | 219 | gist.github.com |
|
| Details | File | 3 | championship.inf |
|
| Details | File | 3 | run_speakeasy.py |
|
| Details | File | 1 | cobalt_raw.dat |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 1 | csmanual44.pdf |
|
| Details | Github username | 2 | 0xtornado |
|
| Details | md5 | 2 | 69d12572520122cb9bddc2d6793d97ab |
|
| Details | sha1 | 1 | 53b31e513d8e23e30b7f133d4504ca7429f0e1fe |
|
| Details | sha1 | 1 | 6c10d7d88606ac1afd30b4e61bf232329a276cdc |
|
| Details | sha1 | 1 | 744f9ba9f24f56c56b593404209c1cc19610354c |
|
| Details | sha1 | 1 | 2bc64aa86ccaf4a3f99c512fb4efaf811d97509c |
|
| Details | IPv4 | 1 | 1.15.157.229 |
|
| Details | Url | 1 | https://www.cobaltstrike.com/downloads/csmanual44.pdf |
|
| Details | Url | 1 | https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b |
|
| Details | Url | 1 | https://blog.securehat.co.uk/cobaltstrike/extracting-config-from-cobaltstrike-stager-shellcode |
|
| Details | Url | 1 | https://community.sophos.com/sophos-labs/b/blog/posts/decoding-malicious-powershell |
|
| Details | Url | 2 | https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon |
|
| Details | Url | 1 | https://gist.github.com/0xtornado/69d12572520122cb9bddc2d6793d97ab |