Cobalt Strike Beacon Detected - 43[.]138[.]132[.]137:6666 - RedPacket Security
Tags
country: China
attack-pattern: Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID 9282304d-45e3-44b6-9266-e39030242bc2
Fingerprint 414b43425f8cca8d
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 12, 2024, 12:48 p.m.
Added to db Oct. 12, 2024, 1:50 p.m.
Last updated Dec. 21, 2024, 3:58 p.m.
Headline Cobalt Strike Beacon Detected – 43[.]138[.]132[.]137:6666
Title Cobalt Strike Beacon Detected - 43[.]138[.]132[.]137:6666 - RedPacket Security
Detected Hints/Tags/Attributes 24/2/5
Source URLs
Redirection Url
Details Source https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-43-138-132-137-port-6666/
Details Source https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-43-138-132-137-port-444/
Details Source https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-43-138-132-137-port-8081/
URL Provider
Details Provider Source level domain
Details redpacketsecurity.com www.redpacketsecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 361 RedPacket Security https://www.redpacketsecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
www.offwork.blog
Details File 469 
security.txt
Details File 422 
process-inject.exe
Details IPv4 1 
43.138.132.137
Details Url 1 
http://www.offwork.blog