Writing a BugSleep C2 server and detecting its traffic with Snort
Tags
| attack-pattern: | Data Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 8708526c-a414-4932-a57a-de334b1e7813 |
| Fingerprint | f4f1bd5ca8018e93 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 30, 2024, 6 a.m. |
| Added to db | Oct. 30, 2024, 11:11 a.m. |
| Last updated | May 24, 2025, 7:28 a.m. |
| Headline | Cisco Talos Blog |
| Title | Writing a BugSleep C2 server and detecting its traffic with Snort |
| Detected Hints/Tags/Attributes | 42/1/11 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 68 | ✔ | Cisco Talos Blog | https://blog.talosintelligence.com/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 2721 | cmd.exe |
|
| Details | File | 2 | snort.raw |
|
| Details | sha256 | 4 | b8703744744555ad841f922995cef5dbca11da22565195d05529f5f9095fbfca |
|
| Details | sha256 | 4 | 94278fa01900fdbfb58d2e373895c045c69c01915edc5349cd6f3e5b7130c472 |
|
| Details | sha256 | 4 | 73c677dd3b264e7eb80e26e78ac9df1dba30915b5ce3b1bc1c83db52b9c6b30e |
|
| Details | sha256 | 3 | 5df724c220aed7b4878a2a557502a5cefee736406e25ca48ca11a70608f3a1c0 |
|
| Details | sha256 | 4 | 960d4c9e79e751be6cad470e4f8e1d3a2b11f76f47597df8619ae41c96ba5809 |
|
| Details | IPv4 | 2 | 1.235.234.202 |
|
| Details | IPv4 | 4 | 146.19.143.14 |
|
| Details | IPv4 | 3 | 46.19.143.14 |
|
| Details | IPv4 | 2 | 5.239.61.97 |