Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
Tags
| country: | Ukraine |
| attack-pattern: | Data Direct Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 95ab9ef4-5540-49e5-a441-b7e2f96bbe54 |
| Fingerprint | e280b1ff3130ae0f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 8, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 20, 2024, 4:44 a.m. |
| Headline | Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine |
| Title | Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine |
| Detected Hints/Tags/Attributes | 39/2/19 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | klycnmik.com |
|
| Details | Domain | 1 | axikok.com |
|
| Details | Domain | 1 | blopik.com |
|
| Details | Domain | 1 | dezword.com |
|
| Details | Domain | 1 | verofes.com |
|
| Details | Domain | 1 | furfen.com |
|
| Details | Domain | 1 | shizij.com |
|
| Details | Domain | 1 | ngrety.com |
|
| Details | Domain | 1 | korunder.com |
|
| Details | Domain | 1 | vedingumbr.com |
|
| Details | Domain | 1 | jenevabaiden.com |
|
| Details | Domain | 1 | zeronyk.com |
|
| Details | Domain | 1 | shevronf.com |
|
| Details | Domain | 1 | dunclikf.com |
|
| Details | Domain | 1 | nentundo.com |
|
| Details | Domain | 1 | gelmutol.com |
|
| Details | Domain | 1 | axelkim.com |
|
| Details | Domain | 1 | gookju.com |
|
| Details | File | 221 | min.js |