Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a6fc4b4f-536b-4c3a-8abc-00f3fa09085c |
| Fingerprint | 34007f196db545a0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 23, 2022, midnight |
| Added to db | Jan. 16, 2023, 3:52 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike |
| Title | Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike |
| Detected Hints/Tags/Attributes | 70/1/45 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | tf.zip |
|
| Details | Domain | 4 | releases.hashicorp.com |
|
| Details | Domain | 3 | providers.tf |
|
| Details | Domain | 5 | variables.tf |
|
| Details | Domain | 1 | lighthouse.tf |
|
| Details | Domain | 1 | team-server.tf |
|
| Details | Domain | 1 | edge-redirectors.tf |
|
| Details | Domain | 1 | internal-redirectors.tf |
|
| Details | Domain | 1 | security.tf |
|
| Details | Domain | 1 | output.tf |
|
| Details | Domain | 1 | dns.tf |
|
| Details | Domain | 1 | windows.pe |
|
| Details | Domain | 1 | setup.tf |
|
| Details | Domain | 1 | cleanup.tf |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | cobaltstrike.zip |
|
| Details | Domain | 1 | acme-staging-v02.api.letsencrypt.org |
|
| Details | Domain | 1 | acme.store |
|
| Details | Domain | 33 | start.sh |
|
| Details | File | 1 | tf.zip |
|
| Details | File | 1 | 9_linux_amd64.zip |
|
| Details | File | 1 | red_nebula_rsa.pub |
|
| Details | File | 32 | ca.crt |
|
| Details | File | 1 | _init.gif |
|
| Details | File | 1 | __init.gif |
|
| Details | File | 17 | __utm.gif |
|
| Details | File | 1 | ___utm.gif |
|
| Details | File | 2 | 2_linux_amd64.tar |
|
| Details | File | 1 | cobaltstrike.zip |
|
| Details | File | 1 | c2_build.py |
|
| Details | Github username | 2 | caddyserver |
|
| Details | IPv4 | 1 | 66.228.47.96 |
|
| Details | IPv4 | 21 | 192.168.100.1 |
|
| Details | IPv4 | 5 | 192.168.100.10 |
|
| Details | IPv4 | 5 | 192.168.100.20 |
|
| Details | IPv4 | 1 | 192.168.100.110 |
|
| Details | IPv4 | 1 | 192.168.100.120 |
|
| Details | IPv4 | 2 | 192.168.100.200 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 63 | 8.8.4.4 |
|
| Details | IPv4 | 1 | 192.168.100.250 |
|
| Details | IPv4 | 1 | 172.104.29.249 |
|
| Details | IPv4 | 1 | 172.104.29.143 |
|
| Details | Url | 1 | https://releases.hashicorp.com/terraform/1.2.9/terraform_1.2.9_linux_amd64.zip |
|
| Details | Url | 1 | https://github.com/caddyserver/caddy/releases/download/v2.5.2/caddy_2.5.2_linux_amd64.tar.gz |