Stats from Hunting Cobalt Strike Beacons
Common Information
Type                            Value
UUID                            a4d2d0b0-1ceb-448d-816d-b698d4f8f079
Fingerprint                     18420fb6538cecd7
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       May 6, 2021, 11:46 a.m.
Added to db                     Sept. 26, 2022, 9:30 a.m.
Last updated                    Nov. 18, 2024, 12:28 p.m.
Headline                        Stats from Hunting Cobalt Strike Beacons
Title                           Stats from Hunting Cobalt Strike Beacons
Detected Hints/Tags/Attributes  24/1/19
Attributes
Details Type #Events CTI Value
Details Domain 1
thefaithfulamerican.com
Details File 44
submit.php
Details File 218
min.js
Details File 1020
rundll32.exe
Details File 2
%windir%\syswow64\eventvwr.exe
Details File 1
%windir%\syswow64\backgroundtaskhost.exe
Details File 1
%windir%\system32\mobsync.exe
Details File 1
%windir%\sysnative\adobe64.exe
Details File 1
jarmfuzzy.txt
Details File 1
%windir%\\system32\\mobsync.exe
Details File 1
sessioncacheupdatehandler.html
Details File 1
%windir%\\syswow64\\nslookup.exe
Details md5 1
7118007ad133a9dcd59419beef0896a5
Details md5 1
bf1ca95090d0870729c72b216b7964b5
Details sha1 1
590d700e79f71222c959cc2be46070725c5f76a1
Details sha1 1
f4cf79e7735053836fe7e435d7b0c0a511aa2ea6
Details sha256 1
f89869fd338c4ef527f31f836308f9906a3991ac45d6f56d4004eea8f91e6ca3
Details sha256 1
bf4ee9664fba51a1bbbdad13a598688914a48465fac3993c096c6d2cc0c2c021
Details IPv4 619
0.0.0.0